Configure Initial Network Settings Using the Identity Router VM Console

Document created by RSA Information Design and Development on Jul 13, 2016Last modified by RSA Information Design and Development on Sep 15, 2017
Version 19Show Document
  • View in full screen mode
 

Configure initial network settings using the Identity Router VM Console to enable the identity router virtual appliance to communicate with other resources in your environment over two separate virtual network interfaces.

You need to set network parameters for two separate network interfaces that the identity router uses to communicate with all resources in your RSA SecurID Access deployment:
  • Management interface. Connects to DNS servers, identity sources, authentication sources, RADIUS clients, and the Cloud Authentication Service.
  • Proxy interface. Connects to end users and web applications, and hosts the RSA SecurID Access Application Portal.

You also specify the primary DNS server, and if necessary, a static route for specific network traffic.

The Welcome page provides navigation instructions for the Identity Router VM Console.

Note:  Avoid pressing the Windows key or Option key. These keys shift application focus away from the console. If the console loses application focus, press the Windows or Option key repeatedly to cycle focus back to the console before proceeding.

 

Before you begin 

 

Procedure 

 
  1. Connect to the identity router using your VMware administration client or Hyper-V Manager.
  2. Sign into the Identity Router VM Console using the identity router administrator credentials.

    If you are the first administrator to sign in to this console for this identity router, use these credentials:

    Username: idradmin

    Password: s1mp13

    The Identity Router VM Console and Identity Router Setup Console for each identity router share the same sign-in credentials. These credentials are separate from your RSA SecurID Access administrator account credentials, and are managed independently for each identity router. You are required to change these credentials the first time you sign into the Identity Router Setup Console for each identity router.

  3. To designate the management interface address, refer to the RSA SecurID Access Solution Architecture Workbook for the management interface values for this identity router, and do the following:  
    1. Select Management in the left-hand frame.
    2. In the IP field, enter the IP address for the management interface.
    3. In the Netmask field, enter the subnet mask for the management interface.
    4. In the Gateway field, enter the gateway address for the management interface.
    5. Press F10 to save the management interface configuration.
  4. To designate the proxy interface address, refer to the RSA SecurID Access Solution Architecture Workbook for the proxy interface values for this identity router, and do the following:  
    1. Select Proxy in the left-hand frame.
    2. In the IP field, enter the IP address for the proxy interface.
    3. In the Netmask field, enter the subnet mask for the proxy interface.
    4. In the Gateway field, enter the gateway address for the proxy interface.
    5. Press F10 to save the proxy interface configuration.
  5. Select DNS in the left-hand frame.
  6. In the IP field, enter the first IP address listed in the DNS Server section of the RSA SecurID Access Solution Architecture Workbook.
    The identity router uses this DNS server to resolve the hostname of the Cloud Authentication Service the first time it connects.
    You can specify additional DNS servers using the Identity Router Setup Console for this identity router after you complete this procedure.
  7. (Optional) If your network environment requires the identity router to use a static route to communicate with the Cloud Authentication Service , select Static route in the left-hand frame, and do the following:  
    1. In the IP field, enter the IP address for the Cloud Administration Console from the RSA SecurID Access Solution Architecture Workbook.
    2. In the Netmask field, enter the subnet mask for the static route.
    3. In the Device field, enter eth0 to designate the static route for connections using the management interface, or enter eth1 to designate it for the proxy interface.
    4. In the Gateway field, enter the gateway address for the static route.
    5. Press F10 to save the static route configuration.
    You can specify additional static routes using the Identity Router Setup Console for this identity router after you complete this procedure.
  8. Select Commit in the left-hand frame to save the network configuration settings.
    The console displays a progress bar and status messages while saving your settings.
  9. (Optional) To verify that the identity router can communicate using the configured settings, select Diagnostics in the left-hand frame, and do the following:  
    1. Check that the eth0 State is up.
    2. Check that the address in the eth0 IP field matches the value you entered for the management interface in step 3, and that the address you entered is correct.
    3. To test communication with a specific network address, enter the IP address in the Ping field, and select Test.
      If the identity router receives a response from the specified address, a success message appears.
    4. Open a web browser on another computer on your network, and verify that navigation to https://<managementIP>/setup.jsp is possible, where <managementIP> is the IP address you entered for the management interface in step 3.
      It is normal to receive an SSL warning when accessing this page, because the identity router uses a self-signed certificate for connections to the management interface.
 

Results 

The identity router can communicate with other resources in your network.

 

 

You are here
Table of Contents > Identity Routers > Configure Initial Network Settings Using the Identity Router VM Console

Attachments

    Outcomes