SecurID

SecurID

Keywords

Examples

Related Commands

SecurID

This section is used to configure SecurID parameters. SecurID is Security Dynamic's proprietary system which requires ACE/Server software and SecurID tokens to perform dynamic two-factor authentication.

configure SecurID

Keywords

After entering the configure command for the section, enter one or more of the following keywords.

Enabled = {On | Off}

If the Enabled keyword is On, SecurID authentication of users will be enabled on the server.

EncryptMethod = {DES | SDI}

The EncryptMethod keyword selects the encryption algorithm for data exchanged between the VPN 5000 concentrator and the ACE/Server. DES specifies that the DES algorithm will be used to scramble the data in both directions. SDI specifies that Security Dynamic's propriety algorithm will be used. The default is DES.

Port = number

The Port keyword defines which UDP port on the ACE/Server will be used to exchange information. The default is 5500. The value may range between 1 and 65,535.

PrimaryServer = IP_Address

The PrimaryServer keyword sets the IP address of the primary ACE/Server.

BackupServer = IP_Address

The BackupServer keyword sets the IP address of the secondary ACE/Server. If no response is received from the primary ACE/Server after the Timeout period, then this secondary server is used.

Timeout = number

The Timeout keyword sets the number of seconds the device will wait before trying the backup ACE/Server. The default is 5. The value may range between 1 and 75.

BindTo = {Ethernet | WAN} slot:port[.sub-interface]

The BindTo keyword specifies which interface on this device will have its IP address used as a source address for all packets sent to the SecurID server. The IP address for the specified interface must be configured in the RADIUS server as the client address.

Enabled = {On \| Off}	If the Enabled keyword is On, SecurID authentication of users will be enabled on the server.
EncryptMethod = {DES \| SDI}	The EncryptMethod keyword selects the encryption algorithm for data exchanged between the VPN 5000 concentrator and the ACE/Server. DES specifies that the DES algorithm will be used to scramble the data in both directions. SDI specifies that Security Dynamic's propriety algorithm will be used. The default is DES.
Port = number	The Port keyword defines which UDP port on the ACE/Server will be used to exchange information. The default is 5500. The value may range between 1 and 65,535.
PrimaryServer = IP_Address	The PrimaryServer keyword sets the IP address of the primary ACE/Server.
BackupServer = IP_Address	The BackupServer keyword sets the IP address of the secondary ACE/Server. If no response is received from the primary ACE/Server after the Timeout period, then this secondary server is used.
Timeout = number	The Timeout keyword sets the number of seconds the device will wait before trying the backup ACE/Server. The default is 5. The value may range between 1 and 75.
BindTo = {Ethernet \| WAN} slot:port[.sub-interface]	The BindTo keyword specifies which interface on this device will have its IP address used as a source address for all packets sent to the SecurID server. The IP address for the specified interface must be configured in the RADIUS server as the client address.

Examples

[ SecurID ]
Enabled                  = On
EncryptMethod            = DES
PrimaryServer            = 192.168.12.8
BackupServer             = 192.168.41.2
Timeout                  = 5
BindTo                   = Ethernet 0:0

Related Commands

Command Description

configure VPN Group

Configures the VPN group parameters

reset securid secret

Resets the SecurID secret

show securid

Shows SecurID statistics and servers

Command	Description
configure VPN Group	Configures the VPN group parameters
reset securid secret	Resets the SecurID secret
show securid	Shows SecurID statistics and servers

Table of Contents

SecurID

Keywords

Examples

Related Commands