Any experience with RSA SecurID (VPN)?

DotComCTO

macrumors 6502
Original poster
Aug 17, 2006
305
36
I'm wondering whether anyone has any experience with connecting their Mac to their corporate network using RSA SecurID (RSA SecurID 6.1). I seem to be having issues with the built-in OS X VPN client. A call to Apple support did a whole lot of nothing for me.

Someone in another forum suggested using the Cisco client, but I wasn't sure whether that was for some Cisco-specific product.

The issue is that I get an error immediately upon connecting and don't even get a chance to enter my token code.

Anyone have any insight here???

Thanks.

--DotComCTO
 

szark

macrumors 68030
May 14, 2002
2,887
0
Arid-Zone-A
Your best bet is to find out what software the IT department uses for Windows. If it is Cisco client software, use the links above. If it is Nortel Networks software, use the Apani VPN clients.

I use the Apani client and it works great. (Admittedly expensive, but you should be able to convince your company to pay for it.)
 

DotComCTO

macrumors 6502
Original poster
Aug 17, 2006
305
36
lancejorton said:
Thanks for the help, and believe me, I searched Google quite extensively before I made a post. I would consider trying the Cisco client; however, as I mentioned in my original post, we are not using a Cisco VPN solution. We are using RSA ACE server 6.1 along with Microsoft ISA 2004 & their PPTP VPN.

I *could* try the Cisco solution, but was hoping to find someone with hands on experience.

Thanks for the help!

:cool:

--DotComCTO
 

DotComCTO

macrumors 6502
Original poster
Aug 17, 2006
305
36
szark said:
Your best bet is to find out what software the IT department uses for Windows. If it is Cisco client software, use the links above. If it is Nortel Networks software, use the Apani VPN clients.

I use the Apani client and it works great. (Admittedly expensive, but you should be able to convince your company to pay for it.)
Thanks for the help. Since I run the IT shop, I know exactly what we use! :D

We are using RSA ACE server 6.1 along with Microsoft ISA 2004 & their PPTP VPN. The Windows client works without any issues, but the built-in Mac client generates an immediate error. I tried Apple support, but they don't provide support for their VPN client. They just redirected me to the vendor.

If you've got any other suggestion, please send them my way!!

Thanks again!

:cool:

--DotComCTO
 

atmenterprises

macrumors 6502
Jan 28, 2006
288
123
I have one of those RSA keys for work to get through the VPN and I could never get it to work through OS X so I just run it through IE (through Windows installed under Parallels) and it works flawlessly. Believe me - I scoured the internet for days and days and couldn't find a solution.
 

tjoynt

macrumors newbie
Mar 6, 2008
1
0
Solution found

I don't know if this will help any of the original posters, being a year and a half later, but maybe it will help others in the future. Similar to DotComCTO, I am using RSA Authentication Manager 6.1 along with Microsoft ISA 2006 its PPTP VPN. Users authenticate using a username and an RSA SecurID 700 token. The Mac OS X 10.3-10.5 VPN clients have a "SecureID" option, but failed immediately upon connection. RSA support was absolutely no help in the matter.

The RSA SecurUD / ISA 2006 implementation guide published by RSA covers what is necessary to connect using the RSA Authentication Agent 6.1 for Windows client software, but leave out a crucial step that allows the Mac OS X client to connect as well. On page 15, step 18 of the guide, when you are configuring your Routing and Remote Access Policies, you are instructed to add only "RSA EAP - Protected OTP" to the "EAP Methods" of your VPN users policy. The windows authentication agent 6.1 software, can use the "RSA EAP - Protected OTP" method, but the Mac OS X VPN client software cannot. It expects the earlier "RSA Security EAP" method, which can be added in the same Routing and Remote Access Policies policy window in which "RSA EAP - Protected OTP" was added. Once this EAP method is added, Mac OS X 10.3+ VPN clients work flawlessly.

A small but crucial tidbit of information RSA doesn't mention anywhere.

I hope this helps someone!

-T
 

duffydj

macrumors newbie
Jul 11, 2008
8
0
Perfect

I don't know if this will help any of the original posters, being a year and a half later, but maybe it will help others in the future. Similar to DotComCTO, I am using RSA Authentication Manager 6.1 along with Microsoft ISA 2006 its PPTP VPN. Users authenticate using a username and an RSA SecurID 700 token. The Mac OS X 10.3-10.5 VPN clients have a "SecureID" option, but failed immediately upon connection. RSA support was absolutely no help in the matter.

The RSA SecurUD / ISA 2006 implementation guide published by RSA covers what is necessary to connect using the RSA Authentication Agent 6.1 for Windows client software, but leave out a crucial step that allows the Mac OS X client to connect as well. On page 15, step 18 of the guide, when you are configuring your Routing and Remote Access Policies, you are instructed to add only "RSA EAP - Protected OTP" to the "EAP Methods" of your VPN users policy. The windows authentication agent 6.1 software, can use the "RSA EAP - Protected OTP" method, but the Mac OS X VPN client software cannot. It expects the earlier "RSA Security EAP" method, which can be added in the same Routing and Remote Access Policies policy window in which "RSA EAP - Protected OTP" was added. Once this EAP method is added, Mac OS X 10.3+ VPN clients work flawlessly.

A small but crucial tidbit of information RSA doesn't mention anywhere.

I hope this helps someone!

-T
Just as Moby says in his shows:

Thank you, thank you, thank you!
It worked fine!!!!
Cheers