The majority of mainstream VPN products, such as Cisco and Checkpoint, support RADIUS Challenge/Response authentication mode. When a user attempts to log on, the RADIUS server sends a challenge code to the RADIUS client and prompts the user to enter the response code. To support Challenge/Response, you will need to create a logon procedure with two logon steps.
We can utilize this feature to implement a two-step verification process for VPN logins.
The 2-step logon process will be as below:
- Step 1: The VPN client asks the user to enter their static password, and the user enters it.
- The server checks the validity of the user’s static password.
- Step 2: If the server successfully verifies the user's static password, it generates a challenge code, sends it to the user, and prompts the user to enter the response (the 2nd credential). The user uses their token to generate a response code by entering the challenge code.
- The user enters the 2nd credential, such as a one-time password, to continue.
- The server checks the validity of the user’s 2nd credential.
In DualShield, you will need to create a logon procedure with two logon steps.
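The two-step flow above, modelled on the server side as an added example (not DualShield's own code): a valid static password is answered with an Access-Challenge carrying a random State value, and the one-time password is accepted only together with that State. The class, the user store and the 60-second State lifetime are hypothetical, and HOTP (RFC 4226) is assumed as the one-time password scheme.

```python
import hashlib, hmac, secrets, struct, time

ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11  # RFC 2865 packet codes
STATE_TTL = 60  # seconds a pending challenge stays valid (assumed policy)

# Constructed sample user; a real server stores a password hash, not plaintext.
USERS = {"alice": {"password": b"S3cret!pw", "key": b"12345678901234567890", "counter": 0}}

def hotp(key, counter, digits=6):
    """RFC 4226 HOTP, standing in for the token's one-time password."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class TwoStepLogon:
    """Hypothetical server-side model of the two logon steps."""

    def __init__(self, clock=time.time):
        self.pending = {}  # State value -> (username, expiry time)
        self.clock = clock

    def handle(self, username, credential, state=None):
        """Process one Access-Request and return (packet code, attributes)."""
        if state is None:
            return self._step1(username, credential)
        return self._step2(username, credential, state)

    def _step1(self, username, password):
        user = USERS.get(username)
        if user is None or not hmac.compare_digest(password.encode(), user["password"]):
            return ACCESS_REJECT, {}
        state = secrets.token_hex(16)  # unguessable; ties step 2 to this step 1
        self.pending[state] = (username, self.clock() + STATE_TTL)
        return ACCESS_CHALLENGE, {"State": state, "Reply-Message": "Enter one-time password"}

    def _step2(self, username, otp, state):
        owner, expiry = self.pending.pop(state, (None, 0))  # single use, even on failure
        if owner is None or owner != username or self.clock() > expiry:
            return ACCESS_REJECT, {}
        user = USERS[owner]
        if not hmac.compare_digest(otp.encode(), hotp(user["key"], user["counter"]).encode()):
            return ACCESS_REJECT, {}
        user["counter"] += 1  # a used one-time password cannot be replayed
        return ACCESS_ACCEPT, {}
```

A second credential presented without a State issued in step 1, with a State that was already used, or after the State has expired is rejected, so step 2 cannot be reached without passing step 1.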
NOTES
If you have a logon procedure with two or more logon steps, and you place more than one authenticator (including an on-demand password) in a logon step, then the order of the authenticators is significant.
...
