I'm using radius (rsa) to authenticate GP users and can't get me head around the GP client configuration - specifically the section where you need to put a username and password. How can this be possible when the RSA token changes every minute?
Can someone shed some light on this please
I should follow up with the following:
I want to use the SSL functionality of the PA and not the full blown GP features. I'm trying to get the same functionality as the older netconnect client.
Sorry I should have been more specific.
Before we updated to 4.x we used net connect to connect to the PA using SSL VPN. We used our RSA tokens to authenticate. I already had RSA configured and working.
The problem we have is since moving to PA 4.x. The global connect client requires a username and password as part of it's configuration. My question is how can you put a password in this field when the RSA tokens changes every 60 seconds. its not viable.
How can users who are using RSA tokens and have a RSA radius profile set up on the PA for authenticaiton actually authenticate without having to put a token passcode into the global protect password every time they connecto the the PA?
Somethings missing and I can't figure it out....
We are having this same issue with no apparent resolution for the issue. We are pushing through support to get some answer so we can move forward otherwise we will need to stay on the 4.0.x code base as we have a mandate from the outside for two-factor in remote access.
I have not been using the globalconnect that much, but I am also aiming for using a 2factor authentication.
Right now I use the normal user/pass approach. So it dont work if you type in a new password in the globalconnect client before hitting the "connect" function?
Has Anybody resolved this issue yet becasue I am in the same boat and our customers are not happy. Because of the auto authentication function we keep locking the OTP and the accounts which is very annoying and my customer is thinking of moving.
I would recommend another solution for VPN personally, the RSA/GP solution is not enterprise ready to say the least.
My recommendation if you want to move with this LDPAP auth the portal, RSA the gateway
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!