CheckPoint Securemote and SecurID with WM 2003

[Guest]

Archived from groups: microsoft.public.pocketpc (More info?)

IPAQ 2210, Socket CF Wireless card. Trying to get CheckPoint Securemote
working with SecurID authentication. It does not seem to work (there is
only a place for username and password). Does anyone know for sure if
SecurID authentication is supported by the WM 2003 version of
Securemote? If so, how did you get it working?

I know this is more of a CheckPoint question, but their KB or
documentation does not say anything about this, and Google has been
fruitless so far. I thought I'd try here from the Pocket PC side and see
if anyone knew for sure.

Thanks,

ws

 

[Guest]

Archived from groups: microsoft.public.pocketpc (More info?)

I've been able to get it working with my ipaq 5550 although sometimes it's a bit flakey. Here is the process I go through

First, while you are connect to you external wifi source, you have to create a shortcut using the button on the lower left. You need to enter the IP of the server from the sys admin. Then it will do whatever verification it needs to do using the wifi connection. If all goes well you should end up with a shortcut. (which you don't have to use unless you need to re-establish the link)

After that you can set the password, easier to do then trying to enter it during the initial remote access.

Tools->Set Password enter your remote access information.

Next when you try to access the internal site, maybe while getting email, you should see it check id's and come back with confirmation and you're in.



Hope this helps.



P.S. I've had some conflicts with this software when trying to sync with my laptop. I know there is a setting to allow all activesyncs but the conflict still occurs. The problem could be a number of places haven't really had the time to track it down.

nntp/news.microsoft.com/microsoft.public.pocketpc/<QP2Cd.15581$c%.14467@okepread05>

IPAQ 2210, Socket CF Wireless card. Trying to get CheckPoint Securemote
working with SecurID authentication. It does not seem to work (there is
only a place for username and password). Does anyone know for sure if
SecurID authentication is supported by the WM 2003 version of
Securemote? If so, how did you get it working?

I know this is more of a CheckPoint question, but their KB or
documentation does not say anything about this, and Google has been
fruitless so far. I thought I'd try here from the Pocket PC side and see
if anyone knew for sure.

Thanks,

ws


[microsoft.public.pocketpc]

 

[Guest]

Archived from groups: microsoft.public.pocketpc (More info?)

wadester queried the newsgroup:

> IPAQ 2210, Socket CF Wireless card. Trying to get
> CheckPoint Securemote working with SecurID authentication.
> It does not seem to work (there is only a place for username
> and password). Does anyone know for sure if SecurID
> authentication is supported by the WM 2003 version of
> Securemote? If so, how did you get it working?

RSA recently published a new implementation guide for how to configure
the SecuRemote/SecureClient for using the SecurID software token and
the RSA Authentication Manager (aka ACE/Server) on a FW-1/VPN-1
Gateway. See: <http/tinyurl.com/4tl3o>.

You might also want to review the RSA implementation guide for Exchange
Server ActivSynch useful. See: <http/tinyurl.com/6z6og>.

I presume you have version 2.0 of RSA's SecurID app for MWM 2003 Pocket
PC (which is available at <http/tinyurl.com/7x6dn>), but you might
also want to double-check your version number.
..
Hope this is helpful.

Suerte,
_Vin

 

[Guest]

Archived from groups: microsoft.public.pocketpc (More info?)

Brian H wrote:
> I've been able to get it working with my ipaq 5550 although sometimes it's a bit flakey. Here is the process I go through
>
> First, while you are connect to you external wifi source, you have to create a shortcut using the button on the lower left. You need to enter the IP of the server from the sys admin. Then it will do whatever verification it needs to do using the wifi connection. If all goes well you should end up with a shortcut. (which you don't have to use unless you need to re-establish the link)
>
> After that you can set the password, easier to do then trying to enter it during the initial remote access.
>
> Tools->Set Password enter your remote access information.
>
> Next when you try to access the internal site, maybe while getting email, you should see it check id's and come back with confirmation and you're in.
>
>
>
> Hope this helps.


I'm glad you've had luck with it. My issue is really more that it does
not seem to support SecurID, which is the authentication mechanism we
use with Securemote.

ws

 

[Guest]

Archived from groups: microsoft.public.pocketpc (More info?)

Vin McLellan wrote:
> wadester queried the newsgroup:
>
>
>>IPAQ 2210, Socket CF Wireless card. Trying to get
>>CheckPoint Securemote working with SecurID authentication.
>>It does not seem to work (there is only a place for username
>>and password). Does anyone know for sure if SecurID
>>authentication is supported by the WM 2003 version of
>>Securemote? If so, how did you get it working?
>

> RSA recently published a new implementation guide for how to configure
> the SecuRemote/SecureClient for using the SecurID software token and
> the RSA Authentication Manager (aka ACE/Server) on a FW-1/VPN-1
> Gateway. See: <http/tinyurl.com/4tl3o>.
>
> You might also want to review the RSA implementation guide for Exchange
> Server ActivSynch useful. See: <http/tinyurl.com/6z6og>.
>
> I presume you have version 2.0 of RSA's SecurID app for MWM 2003 Pocket
> PC (which is available at <http/tinyurl.com/7x6dn>), but you might
> also want to double-check your version number.

Actually, no, I have a SecurID hardware keyfob. CheckPoint's Securemote
client (on the PC, anyway) natively supports SecurID without having to
install any clients. I was assuming that the one for PPC would as well,
but it does not appear that way. Looks like I'm out of luck until CP
decides to add the support.

ws

 

[Guest]

Archived from groups: microsoft.public.pocketpc (More info?)

Wadester, don't turn this into a celebration of ignorance;-) Break down
and call Checkpoint or RSA Customer Support and talk to someone who
actually *knows* about how these devices should be used together!

RSA's SecurID requires only an authentication server (RSA
Authentication Manager) and an RSA Authentication Agent installed at
the SecuRemote Server, both of which you've got. Nothing in the RSA
authentication scheme requires any RSA software on your IPAQ.

Clearly, no one (me included) has responded to your initial message who
knows anything about how strong authentication can be used with
SecuRemote on a handheld. My assumptions about your situation were all
wrong. Others may have been similarly misled. Yet all the critical
pieces are there! It doesn't make sense to declare them unusable
without getting more informed advice.
..
Surete,
_Vin

==============================

Vin <me> wrote:

>> I presume you have version 2.0 of RSA's SecurID app for MWM 2003
>> Pocket PC (which is available at <http/tinyurl.com/7x6dn>),
>> but you might also want to double-check your version number.

Wadester replied:

> Actually, no, I have a SecurID hardware keyfob. CheckPoint's
> Securemote client (on the PC, anyway) natively supports SecurID
> without having to install any clients. I was assuming that the
> one for PPC would as well, but it does not appear that way.
> Looks like I'm out of luck until CP decides to add the support.