Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Configuring Web-Authentication using secure ID in Dynamic VPN



Article ID: KB21898 KB Last Updated: 03 Oct 2011Version: 1.0
This article describes how to set up Web Authentication using Secure ID on SRX, only for initial web-authentication in Dynamic VPN.
  • This configuration is used only to perform the initial WEBAUTH process.

  • The client used for this setup is Juniper Access manager.

  • Secure ID server cannot be used for the XAUTH authentication process.

  • For XAUTH verification, you still need a radius server or SRX local authentication. For more information, refer to KB21185 - Is SRX Dynamic VPN with RSA SecurID Authentication supported?

  • Use an external RSA server to generate the sdconf.rec file.

  • Include the sdconf.rec file on the SRX device to indicate the external RSA server as the Secure ID server.

  • Define the authentication order as the Secure ID to inform external authentication.

  • Configure the firewall users to client for authentication.

To configure secure ID for authentication, perform the following procedure:
  1. Create the SRX device profile on the RSA server and export the information to the sdconf.rec file. The images below are the two sample configurations on an external RSA server:


  2. Configure the external RSA server to be the secure ID server by loading the sdconf.rec file onto the firewall. For example, you can save the file under /var/db/secureid/<server-name>/sdconf.rec.
    # set access securid-server name <server name> configuration-file “ /var/db/securid/<server name>/sdconf.rec”
  3. Configure the Secure ID in authentication-order for external authentication by RSA server. This will enable user authentication by using only the RSA server.
    # set access profile profile1 [securid]
  4. Include the users under the Dynamic VPN hierarchy.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search