When building authentication scripts, good testing tools are critical, and it's here that NavisRadius truly shines. Lucent supplies a good selection of test tools, including a real-time packet decoder, NAS simulator for load testing and VPN test client. During our tests, we forgot to reboot our server, and the errors rolling through the debugger pointed us to what had happened. We did run into some problems related to the product's understanding of global groups in our Windows domain controller--we thought they'd been set up, but the product disagreed. Turns out our NavisRadius machine wasn't registered as part of the domain--once that was done, things worked much better.
After setting up the Windows AD and SAM (Software Asset Management) authentication, building a Microsoft RAS (Remote Access Services)-based client-to-server VPN was very easy. We established accounting messages that would flow from the NavisRadius server, and setup went off without a hitch.
We then set out to develop a multistage authentication routine. The plug-in (authen-t) we were using had a couple of minor coding hiccups that affected our ability to authenticate. We ran traces on authentication attempts and localized the problems, then went into the plug-in, made a couple of simple changes and got the authentication running just fine. The scripting language is a basic object-oriented language that will look familiar to anyone who has worked in C++ or Java, and solid debugging tools made developing and tweaking scripts a breeze. Documentation within the scripting language is good. We're security geeks, not coders, but we felt comfortable even when building custom authentication routines.
The management console is Java-based; despite that, it performed well. We used the console to see active connections, statistics on connection attempts, error conditions and live traffic flows.
NavisRadius has neither native tokens nor a token engine but works with those from Accent, RSA and SafeWord. For other token types, you'll have to create custom plug-ins, and regardless of the tokens chosen, you must run the token-authentication server separately. Lucent provided custom plug-ins to work with our SafeWord system, using SafeWord methods and libraries built into NavisRadius. We encountered some interesting complications in making the two work together; for example, standard port assumptions from NavisRadius didn't match the port assignments on the SafeWord server we had in place, but changing the NavisRadius port assignment was a five-click process.
Discover the benefits of scalable backbone and network services for application and cloud providers.
Network automation is gaining momentum. Here's how you can drive this powerful technology to its full potential.
Subsea cable alternatives can provide a level of comfort for those concerned about disruptions. Realistically, they will continue to play a small, but critical role in the short term.
