NetMotion Mobility XE supports an external RADIUS server as its authentication server with PEAP authentication method. DualShield unified authentication platform includes a fully compliant RADIUS server – DualShield Radius Server. DualShield supports multiple EAP authentication methods (PEAP, EAP-TLS, GTC, MSCHAPv2 etc) with a wide selection of portable one-time password tokens in a variety of form factors, ranging from hardware tokens, software tokens, mobile tokens to USB tokens. These include:
- Deepnet SafeID
- Deepnet MobileID
- Deepnet GridID
- Deepnet CryptoKey
- X.509 Certificate
- RSA SecurID
- VASCO DigiPass Go
- OATH-compliant OTP tokens
In addition to the support of one-time password, DualShield also supports on-demand password for RADIUS authentication. The product that provides on-demand password in the DualShield platform is Deepnet T-Pass. Deepnet T-Pass is an on-demand, token-less strong authentication that delivers logon passwords via SMS texts, phone calls, twitter direct messages or email messages.
The complete solution consists of the following components:
- NetMotion Mobility XE client/server
- DualShield Radius Server
- DualShield Authentication Server
The document below provides general instructions for RADIUS authentication with the DualShield Radius Server:
VPN & RADIUS - Administration Guide
To set up MFA for NetMotion Mobility via RADIUS, follow the steps below:
- Prepare an SSL certificate for RADIUS server
- Configure DualShield for NetMotion MFA via RADIUS
- Configure NetMotion for RADIUS Authentication
- Configure Device Group for RADIUS Authentication
- User Experience in NetMotion MFA via RADIUS
- Known Issue with Repeated Logon Requests from NetMotion