Resources > Computer Support > Documentation > Converting VPN to use SecurID

Main | VPN | Computer Backup Policies | Safe Computing | Documentation | MS Office Tips

Converting Your Current VPN Connection to use SecurID

Security concerns over the latest virus/worm threats have forced us to deploy the SecurID system for VPN access. This system is the same one used by our Unix servers, so those of you with existing SecurID cards can use those for access. Those without cards should contact Computer Support to have one assigned.

The SecurID system plug-in for VPN access only supports Windows 2000 and Windows XP systems. Windows 95/98/ME and non-Microsoft systems are not supported.

Unfortunately, the installation process is a bit complex, since RSA (the makers of the SecurID system) uses the same installer for multiple methods of controlling access. Use the following procedure to install and configure your VPN connection to use the SecurID system:

1. Log in to your system using the administrator's account or an account that is part of the Administrator group.
2. Download Agent.exe and then run it. The RSA ACE/Agent 5.5 for Windows Setup screen displays, and the installation wizard program starts.
3. Click OK to continue.
4. In the Information dialog box, click OK.
5. The Welcome dialog box is displayed. RSA Security recommends that you exit all programs before you install the RSA ACE/Agent 5.5 for Windows.
6. Click Next to continue.
7. Check the radio button for North America (the top radio button) and click Next.
8. Click Yes to accept the Software License Agreement and display the Select Components screen.
9. In the Select Components screen, check RSA EAP Client only. Leave all other checkboxes blank.

Compoenents diaglog box


10. Click Next.
11. You do not need to provide the location of your RSA ACE/Server sdconf.rec file. Installing only the RSA Security EAP client on a remote machine does not require the sdconf.rec file (if there is a file path listed in the dialog, erase it).

sdconf.rec dialog box


12. Click Next.

registration dialog box

13. Uncheck the box labeled "Register now."
14. Click Next.
15. You are prompted to restart the client computer. Select "Yes, I want to restart my computer now."
16. Click Finish. The machine should reboot.

Once the machine reboots, you will have to configure your existing VPN connection to use SecurID (please note that if you do not have an existing connection on your machine you must create one before proceeding with the following instructions. See the "Using LLE's Virtual Private Network" Web page for set up directions):

1. Windows 2000: Click Start > Settings > Network and Dial-up Connections.

Windows XP: Click Start > Control Panel > Network Connections > VPN Connection.
Select the name of the connection to open the Connect dialog box.

Connect VPN dialog box
Your user name should appear in the “User name:” field above. You do not have to change any of the fields on this dialog.

2. Click Properties. Then select the Security tab.
3. On the Security properties sheet, select the Advanced radio button. Then click the Settings button. The following dialog box will display:

Advanced security settings dialog

4. In the Data Encryption drop-down menu, select Require Encryption.
5. Select the Use Extensible Authentication Protocol radio button. Then select RSA Security EAP (encryption enabled) in the drop-down menu.
6. Click OK to accept the Advanced Settings, and then OK again for the Settings dialog.