Windows Routing and Remote Access Service - RADIUS Configuration with Cloud Access Service - RSA Ready Implementation Guide
6 months ago

This article describes how to integrate Cloud Access Service (CAS) with Windows Routing and Remote Access Service (RRAS) using RADIUS.

         

Configure CAS

Perform these steps to configure CAS using RADIUS.
Procedure

  1. Sign in to RSA Cloud Administration Console.
  2. Navigate to Authentication Clients > RADIUS.
  3. Click Add RADIUS Client and Profiles.
  4. On the RADIUS Client page, enter the following:
    1. Name: Enter a descriptive name for the RADIUS client (Windows RRAS server).
    2. IP Address: Enter the IP address of the RADIUS client (Windows RRAS IP address).
    3. Shared Secret: Create and enter a secure shared secret. This secret will be used for secure communication between the RADIUS client and the RADIUS server.
  5. Click Save and Next Step, and then click Finish to complete the configuration.
  6. Click Publish Changes to apply your changes to the RADIUS server and wait for the process to be completed.

  

Notes

  • CAS RADIUS server is configured to listen on UDP port 1812. 
  • Shared Secret must be an alphanumeric string between 1 and 31 characters in length and is case-sensitive.

     

Configure Windows RRAS

Perform these steps to configure Windows RRAS.
Procedure

  1. Log on to the RRAS Windows server.
  2. Open the Routing and Remote Access configuration on the server.
  3. In the left pane, right-click the server name and click Properties
  4. On the Server Properties page, navigate to the Security tab.
  5. Under Authentication provider, choose RADIUS Authentication.
  6. On the same window, click Configure next to RADIUS Authentication.
  7. On the Configure window, click Add to add the RSA RADIUS server details.
  8. On the Add RADIUS Server window, enter the details of the RADIUS server and click OK.
    1. Server name: Name for the RSA RADIUS server.
    2. Shared secret: RADIUS secret between the RADIUS client and server. This should match the secret configured in RSA.
    3. Time-out: Increase the timeout to 15 seconds.
    4. Port: Leave port 1812 as the default port used for RADIUS.
  9. In the Security tab, click Authentication Methods.
  10. Select the Unencrypted password (PAP) checkbox and click OK

Note: The VPN client used should also be configured to use PAP to match what is configured in RRAS.
In the preceding screenshot, a pre-shared key (PSK) was used for L2TP/IPsec for simplicity. This should match the PSK configured in the VPN client.
  

 

The configuration is complete.

Related Articles

Trending Articles

Don't see what you're looking for?