Nortel user authentication

Settle, Sean SeanSettle at ALLIANTFS.COM
Thu Jan 11 16:46:48 EST 2001


I am trying to configure two independent Nortel Contivity units to share
user ID information, but not group information.  Is this possible?  If so
would it require external LDAP or RADIUS?

The logic behind this works like this...

We have a "secure" environment that we need to be able to provide remote
access to.  We have two Nortel 1500 units in this environment, one which has
Split Tunneling enabled and one that does not.  A network diagram that
expresses this is below.  Currently I am maintaining user and group
information on the internal LDAP but the PHB types have decided that would
not be an acceptable solution to have separate user IDs and passwords for
the two boxes.  I tried using external LDAP but both of the units ended up
having the same group/filter/user information between the two of them and
that isn't the goal.  The network looks like this:

Internet <-> Nortel #1 <-> Secure environment (DMZ) <-> Nortel #2 <->
Internal network

Nortel #1 has split tunneling disabled to prevent user's home systems from
being used as an unintentional gateway into the secured environment, but the
internal environment allows all user's to split tunnel.  Selected user's who
run personal firewalls are allowed to have split tunneling enabled on Nortel
#1.  Thus on Nortel #2 a user would be a member of Base\Group 1\Split Tunnel
but on Nortel #1 be a member of \Base\Group 1 typically, with some user's
being a member of \Base\Group 1\Split Tunnel as well.

Is what I'm trying to do possible or am I barking up the wrong tree?

Sean Settle
"To sin by silence when we should protest makes cowards out of men" - Ella
Wheeler Wilcox
X Network Services Q NPC X
Phoenix, AZ
Phone:	480-496-5434
Fax:	480-496-5224
SMTP:	seansettle at alliantfs.com

VPN is sponsored by SecurityFocus.COM




More information about the VPN mailing list