Avaya 4600 IP Phone User Manual


 
VPNremote for 4600 Series IP Telephone Installation and Deployment
Avaya Inc. - Proprietary
Use pursuant to Company Instructions.
Juniper/Netscreen NS Series Screen OS 5.3
Juniper/Netscreen ISG Series Screen OS 5.3
Cisco Systems Inc. Concentrator 3000 series 4.7
12.2 Does VPNremote phone support authentication using SecurID from RSA?
VPNremote phone has been tested with all the devices listed in the previous section using
SecurID from RSA. If the VPNremote phone does not behave as expected, verify that
the manufacturer-provided native IPsec client works as expected before contacting
Avaya support. Regular user authentication should always work, but there could be
issues in new PIN and next token modes. This usually happens when a user enters the wrong
password multiple times, or when the user is supposed to create a PIN or accept a
server-generated PIN.
12.3 What special considerations are required when using SecurID from RSA for
authenticating VPNremote phone users?
The RSA ACE server can be configured to either:
Generate a PIN when the SecurID token is used for the first time and prompt the user to
accept the PIN.
OR
Prompt the user to enter a PIN when the SecurID token is used for the first time.
You should avoid configuring the ACE server to generate a PIN, because this will
typically require the end user to enter ‘y’ in the password field, which is not possible if you
have set the password type to 3 (One Time Numeric).
12.4 How are the Preshared Key and Password stored by VPNremote Phones?
There are specific vulnerabilities associated with the Xauth and PSK method of
establishing a VPN. A person who has access to the network and knows the PSK can
use a person-in-the-middle attack to recover another user's personal ID and password.
Some organizations may mitigate this vulnerability by keeping the PSK secret from the
users of the VPNphones. This can be accomplished by performing the procedures in section 8
above away from the end users. When the phone is presented to the end user, the PSK is
stored in flash and not available to the user. However, the phone is now a sensitive
device, so its loss can give away the PSK for all the users of the group. The other method
is to make sure all users of a group are equally trusted and that they are advised of the
consequences of attempting to recover another group member’s user ID and password.
12.5 My SOHO router supports QoS. How do I use it for VPNremote phones?
QoS is an IP capability that allows some packets to be flagged as priority packets.
Packets that carry Real Time Protocol (RTP) traffic for video and IP telephony are given
priority over other packets. Many SOHO gateways support QoS, and each has a
different method of designating a device for priority treatment. Refer to the SOHO