User`s guide
Table Of Contents
- Ascend Customer Service
- How to use this guide
- What you should know
- Documentation conventions
- How to use the on-board software
- Manual set
- Configuring WAN Connections
- Configuring IP Routing
- Introduction to IP routing on the Pipeline
- Managing the routing table
- Parameters that affect the routing table
- Static and dynamic routes
- Configuring static routes
- Specifying default routes on a per-user basis
- Enabling the Pipeline to use dynamic routing
- Route preferences
- Viewing the routing table
- Fields in the routing table
- Removing down routes to a host
- Identifying Temporary routes in the routing table
- Configuring IP routing connections
- Ascend Tunnel Management Protocol (ATMP)
- IP Address Management
- Connecting to a local IP network
- BOOTP Relay
- DHCP services
- Dial-in user DNS server assignments
- Local DNS host address table
- Network Address Translation (NAT) for a LAN
- Configuring IPX Routing
- How the Pipeline performs IPX routing
- Adding the Pipeline to the local IPX network
- Working with the RIP and SAP tables
- Configuring IPX routing connections
- Configuring the Pipeline as a Bridge
- Defining Filters and Firewalls
- Setting Up Pipeline Security
- Pipeline System Administration
- Pipeline 75 Voice Features
- IDSL Implementations
- APP Server utility
- About the APP Server utility
- APP Server installation and setup
- Configuring the Pipeline to use the APP server
- Using App Server with Axent SecureNet
- Creating banner text for the password prompt
- Installing and using the UNIX APP Server
- Installing and using the APP Server utility for DO...
- Installing and using the APP Server utility for Wi...
- Installing APP Server on a Macintosh
- Troubleshooting
- Upgrading system software
- What you need to upgrade system software
- Displaying the software load name
- The upgrade procedure
- Untitled
Setting Up Pipeline Security
Using security cards
Pipeline User’s Guide Preliminary January 30, 1998 7-19
For the Pipeline to place calls to a NAS at a secure site, it needs the appropriate
Connection profile specifying a token-based authentication mode.
The authentication mode configured in the Pipeline affects how the token
passwords are transmitted and how the dial-in user is affected by channels being
added to an established session.
The Pipeline requests the authentication mode with which it is configured, but the
RADIUS daemon and user profile accessed by the answering NAS determine
which mode will actually be used.
Requesting PAP-TOKEN mode
PAP-TOKEN is the default authentication mode used when the RADIUS profile
has a password of ACE or Safeword. It is an extension of PAP authentication.
When PAP-TOKEN mode is in use, the dynamic password (or code) supplied by
the user’s security card is sent in the clear (via PAP). This does not cause a
serious security risk because the password expires every 60 seconds (or at some
other very short interval of time).
The response to the initial password challenge authenticates the base channel of
the call. If bandwidth requirements cause another channel to come up, the user is
challenged for a password whenever a channel is added to a call.
Parameters used to configure the calling unit for PAP-TOKEN are set in the
following menus:
Ethernet
Connections
profile
Encaps options...
Send Auth=PAP-TOKEN
Send PW=*SECURE*
The Send Auth parameter specifies the authentication mode requested by the
caller (PAP-TOKEN). The Send PW password is sent as part of the initial session
negotiation. If the session then presents a password challenge, the user enters the
password obtained from the security card.