000019686 - How to configure Remote Client to work with RSA SecurID using Extensible Authentication Protocol (EAP)

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000019686
Applies ToRSA ACE/Server
Microsoft Windows 2000
RSA ACE/Agent 1.1 for Windows 2000 (RRAS) (no longer supported as of 3-3-2003)
Extensible Authentication Protocol (EAP)
Transport Layer Security (TLS)
IssueHow to configure Remote Client to work with RSA SecurID using Extensible Authentication Protocol (EAP)
Connection hangs or drops when attempting to connect using Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)
CauseClient has been configured to use EAP-MD5 CHAP
RAS Server has been configured to use EAP/TLS
ResolutionWindows 2000 includes support for two new authentication protocols: Extensible Authentication Protocol and Transport Layer Security (EAP/TLS) for cryptographic smart cards, and MSCHAPv2 for security enhancements over MSCHAPv1. These are mutual authentication protocols in which both the client and the server prove their identities.

For successful authentication, both the remote access client and authenticator must have the same EAP authentication module installed. Windows 2000 provides two EAP types: EAP-MD5 CHAP and EAP/TLS. You can also install additional EAP types. The components for an EAP type must be installed on every remote access client and every authenticator.
Legacy Article IDa11388

Attachments

    Outcomes