Saturday, May 22, 2010

How to configure RSA SecurID for SSH on NSF / Nortel Switched Firewall / Alteon 5111 / 5109 / 5106 / any 5100 series / NSF 6616 / 6614 series

Configure RSA SecurID for Nortel Switched Firewall / Alteon Firewalls.


Note: This configuration is supported only from releases 2.3.6 and 4.1.4 onwards.

CLI for NSF 5100 series firewalls
A new set of CLI commands has been added for enabling/disabling SecurID authentication on NSF 5100 series firewalls.
>> Main# /cfg/sys/adm/securid/
------------------------------------------------------------
[SecurID Authentication Menu]
ena - Enable SecurID Authentication
dis - Disable SecurID Authentication
interface - Set SecurID Interface Index
download - Download SecurID config file [floppy/usb/tftp/ftp/scp/sftp]
All commands take effect only once you apply them.
/cfg/sys/adm/securid/ena – to enable SecurID authentication for SSH.
/cfg/sys/adm/securid/dis – to disable SecurID authentication for SSH.
/cfg/sys/adm/securid/interface – to set the index number of the interface through which the firewall talks to the RSA server.
/cfg/sys/adm/securid/download – to download the sdconf.rec file from FTP or another device, as mentioned in the Admin Guide. Of the listed transfer methods, tftp and ftp send the file unencrypted, while scp and sftp protect it in transit.

CLI for NSF 6000 series firewalls
A new set of CLI commands has been added for enabling/disabling SecurID authentication on NSF 6000 series firewalls.
>> Main# /cfg/sys/adm/securid/
------------------------------------------------------------
[SecurID Authentication Menu]
ena - Enable SecurID Authentication
dis - Disable SecurID Authentication
server - Set SecurID server configuration
download - Download SecurID config file [floppy/usb/tftp/ftp/scp/sftp]
/cfg/sys/adm/securid/ena – to enable SecurID authentication for SSH.
/cfg/sys/adm/securid/dis – to disable SecurID authentication for SSH.
/cfg/sys/adm/securid/server – to add the IP address of the ACE server.
/cfg/sys/adm/securid/download – to download the sdconf.rec file from FTP or another device, as mentioned in the Admin Guide.
