2005-11-17
jrdld
Re: SecureClient on Pocket PC with SecurID

Here's a quote from the "Supported Features" section of the PPC release notes:

6 Topology download (New Site and Update Site) is supported in the following ways:
• Unauthenticated, if the option Respond to unauthenticated topology requests is enabled on the Management station, topology data is not authenticated and not encrypted (it is signed, however). This method is supported only when the Site is defined as the Management server, and it is of version NG FP1 or older (NG FP2 Management no longer supports this method).
• Authenticated, the user defines the Site as one of the Gateways. The user needs to have a Certificate or an IKE pre-shared secret and should be defined in the User Properties Encryption tab.
• Topology User, if you are not using IKE pre-shared secrets for general authentication and encryption, you can define a Topology User (for New Site and Update Site operations) in the following way:
Define one user (with IKE authentication enabled) to be used by all remote users only for defining and updating sites. You should block encryption capabilities for this user. To implement this workaround, proceed as follows:
a In the Location tab of the user’s User Properties window, set Source and Destination to None.
b In the Time tab of the user’s User Properties window, uncheck all the days.
c In the Desktop Security tab of the Properties Setup window, uncheck Respond to unauthenticated topology requests.

7 Supported authentication schemes (for IKE) include PKCS#12 certificates and any challenge-response mechanism, including User/Password, One Time Passwords (RSA SecurID) etc.
The user can enter a SecurID pass-code by selecting User/Password in the Authentication window, entering the RSA user-id in the user field, and the PIN followed by the token code in the password field. New Pin mode is also supported.


They're claiming that both topology download and SecurID are supported, although I don't see the relevance of topology download to my problem.

Incidentally, I'm using a "tested device", the iPAQ 5550.

JR