Windows Routing and Remote Access Service - RADIUS Configuration with Authentication Manager - RSA Ready Implementation Guide
6 months ago

This article describes how to integrate Windows RRAS with RSA Authentication Manager (AM) using RADIUS.

   

Configure AM

Perform these steps to configure AM using RADIUS.

Procedure

  1. Sign in to Security Console.
  2. Go to RADIUS > RADIUS Servers and make a note of the IP address of the selected RADIUS server.
  3. Navigate to RADIUS > RADIUS Clients and click Add New.
  4. On the Add RADIUS Client page, enter the following:
    1. Client Name: Enter a descriptive name for the RADIUS client.
    2. IPv4 Address: Enter the IP address of the RADIUS client (Windows RRAS server).
    3. Make/Model: Standard Radius.
    4. Shared Secret: Create and enter a secure shared secret. This secret will be used for secure communication between the RADIUS client and the RADIUS server.
  5. Click Save & Create Associated RSA Agent.
  6. On the Add New Authentication Agent page, click Save, then confirm by clicking Yes, Save Agent.

Notes

  • AM RADIUS server listens on ports UDP 1645 and UDP 1812.
  • The relationship of the agent host record to the RADIUS client in AM can be 1 to 1, 1 to many, or 1 to all (global).
  • Shared Secret must be an alphanumeric string between 1 and 31 characters in length and is case-sensitive.

       

Configure Windows RRAS

Perform these steps to configure Windows RRAS.

Procedure

  1. Log on to the RRAS Windows server.
  2. Open the Routing and Remote Access configuration on the server.
  3. In the left pane, right-click the server name and click Properties.
  4. On the Server Properties page, navigate to the Security tab.
  5. Under Authentication provider, choose RADIUS Authentication.
  6. On the same window, click Configure next to RADIUS Authentication.
  7. On the Configure window, click Add to add the RSA RADIUS server details.
  8. On the Add RADIUS Server window, enter the details of the RADIUS server and click OK.
    1. Server name: Name for the RSA RADIUS server.
    2. Shared secret: RADIUS shared secret between the RADIUS client and server. This should match the shared secret configured for the RADIUS client in AM.
    3. Time-out: Increase the timeout to 15 seconds.
    4. Port: Leave port 1812 as the default port used for RADIUS.
  9. In the Security tab, click Authentication Methods.
  10. Select the Unencrypted password (PAP) checkbox and click OK.

Note: The VPN client used should also be configured to use PAP to match what is configured in RRAS.
In the preceding screenshot, a pre-shared key (PSK) was used for L2TP/IPsec for simplicity. This should match the PSK configured in the VPN client.
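
With PAP selected, the passcode travels between RRAS and AM in the RADIUS User-Password attribute, which is protected only by an MD5 keystream derived from the shared secret (RFC 2865, section 5.2). The following added example, which is not part of the original guide and is not RSA or Microsoft code, implements that standard hiding scheme and the shared-secret rule from the Notes above; the function names and all sample values are constructed for illustration.

```python
import hashlib
import re

# Constraint from the Notes above: alphanumeric, 1 to 31 characters.
SECRET_RE = re.compile(r"[A-Za-z0-9]{1,31}")

def secret_ok(secret: str) -> bool:
    """True if the secret fits the AM shared-secret rule quoted in the Notes."""
    return SECRET_RE.fullmatch(secret) is not None

def _xor_chain(data: bytes, secret: bytes, authenticator: bytes, decrypt: bool) -> bytes:
    # RFC 2865 5.2: b_i = MD5(secret + previous ciphertext block), c_i = p_i XOR b_i.
    # The first "previous block" is the 16-byte Request Authenticator.
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        prev = block if decrypt else res   # always chain on the ciphertext block
        out += res
    return out

def hide_password(password: bytes, secret: str, authenticator: bytes) -> bytes:
    """User-Password attribute value as a RADIUS client using PAP sends it."""
    if not secret_ok(secret):
        raise ValueError("shared secret must be 1-31 alphanumeric characters")
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1-128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)   # null-pad to 16-byte blocks
    return _xor_chain(padded, secret.encode(), authenticator, decrypt=False)

def recover_password(hidden: bytes, secret: str, authenticator: bytes) -> bytes:
    """What the RADIUS server recovers using its own copy of the shared secret."""
    return _xor_chain(hidden, secret.encode(), authenticator, decrypt=True).rstrip(b"\x00")

if __name__ == "__main__":
    ra = bytes(range(16))              # constructed Request Authenticator
    passcode = b"12345678901234567"    # constructed 17-byte passcode (spans two blocks)
    hidden = hide_password(passcode, "Examp1eSecret", ra)
    print(hidden.hex())
    print(recover_password(hidden, "Examp1eSecret", ra))   # matching secret
    print(recover_password(hidden, "Examp1eSecreT", ra))   # case differs: garbage
```

Because the keystream depends only on the shared secret and the per-request authenticator, the confidentiality of the passcode on the RRAS-to-AM path rests on that secret, and a secret that differs even in letter case on one side yields an unusable value at the server.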
  

 

The configuration is complete.