
CEQURUX - RSA Authentication for TCP Proxies

These instructions walk you through setting up a TCP proxy with RSA authentication. In this example we set up TCP proxies for POP3 and SMTP so users can collect mail from the internal mail server via dial-up.

We assume you are familiar with importing keys on the firewall either on the command line or via KeyAdmin.

Step 1 - Setting up Authentication Agent for Windows (CLIENT)

Authentication Agent for Windows can be downloaded from: www.cequrux.com/support.html

  1. Install Auth Agent on the client PC.
  2. Run the Configuration Manager and click the RSA tab (fig 1).
  3. If you already have an RSA key, import it.
  4. If you do not have an RSA key, select New. A key will be generated for you.
  5. A key size of 1024 bits should be sufficient.
  6. Enter a password when prompted.
  7. Under RSA Public Key, select Save As and save the key as username_pub (don't change the default file extension).
  8. Click Firewalls, then Add (fig 2).
    Host: 1.2.3.4 (Your firewall's external IP)
    Username: username
    Authentication Type: RSA

Step 2 - Importing the Public Key (FIREWALL)

You can either import the public key to the firewall using KeyAdmin or you can FTP it to the server and import it with addkey. The important thing to note here is that the username you use when importing the public key needs to match that of your host entry in AuthAgent.

Step 3 - Setting up User Groups (FIREWALL)

If you intend to have more than one person connect to your RSA TCP proxy, you need to set up a named group. This is best done with fwadmin.

  1. fwadmin
  2. other keys, setup, access control, named groups, user groups
  3. Make a new group called: extmail (fig 3)
  4. Now edit the group. Type in the same username(s) you specified when importing the RSA Public Key(s). (fig 4)
  5. done, done, done

Step 4 - Setting up your TCP Proxies (FIREWALL)

While you're in fwadmin, why not set up the proxies?

  1. (other keys, setup, access control), services, TCP Proxies
  2. Add a proxy for POP3 (fig 5):
    Port: 10110 (We use a high port, firstly because it won't interfere with anything else and secondly because obscurity provides a little extra security)
    User/Group: [extmail] (NOTE: the [] are required when using a group)
    Authenticate using: RSA
    Relay To Host: 5.6.7.8 (The IP of your internal mail server)
    Port: 110 (Assuming of course your internal mail server runs on the standard POP3 port)
  3. Add a proxy for SMTP (fig 6):
    Port: 10025
    User/Group: [extmail]
    Authenticate using: RSA
    Relay To Host: 5.6.7.8
    Port: 25
  4. Save your settings and exit

Step 5 - Configuring your mail client and connecting (CLIENT)

You now need to configure your mail client to point to the firewall, using the ports you specified in your TCP Proxies. The mail server you now connect to will be the external IP address of the firewall. In both Outlook and Outlook Express you can specify the port numbers of your SMTP and POP3 servers under the Advanced settings (fig 7). Other mail clients may have similar settings.

A quick rundown:

  1. Dial up to your ISP.
  2. Launch AuthAgent.
  3. Launch your mail client.
  4. Hit Send/Receive.
  5. You will be prompted for your RSA password.
  6. If all went well, your mail should download!
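To check the result of Steps 4 and 5 without a mail client, the following script (an added example, not part of the original guide or of any Cequrux tool) connects to the two proxy ports and reports whether the internal mail server's greeting came through. The function names and state labels are hypothetical, and because the guide does not say how the proxy treats a client that has not authenticated, the script only reports what it observes: with AuthAgent running both ports should show `relayed`, and `relayed` from a machine without AuthAgent would mean the proxy is not enforcing RSA authentication.

```python
import socket
import sys

# Proxy ports from Step 4, with the greeting prefix each relayed service
# sends first: POP3 servers greet with "+OK", SMTP servers with "220".
PROXIES = {"POP3": (10110, b"+OK"), "SMTP": (10025, b"220")}


def probe(host, port, expected, timeout=5.0):
    """Classify one proxy port: relayed, no-greeting, unexpected or unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                data = conn.recv(512)
            except (socket.timeout, ConnectionError):
                # Connected, but nothing was relayed before the timeout or reset.
                return "no-greeting"
    except OSError:
        # Refused, filtered or no route: the proxy port is not listening for us.
        return "unreachable"
    if not data:
        return "no-greeting"  # peer closed the connection without sending anything
    return "relayed" if data.startswith(expected) else "unexpected"


def check_firewall(host, proxies=PROXIES, timeout=5.0):
    """Probe every configured proxy and return {service name: state}."""
    return {
        name: probe(host, port, expected, timeout)
        for name, (port, expected) in proxies.items()
    }


if __name__ == "__main__":
    # 1.2.3.4 is the guide's placeholder for the firewall's external IP.
    target = sys.argv[1] if len(sys.argv) > 1 else "1.2.3.4"
    for service, state in check_firewall(target).items():
        print(f"{service}: {state}")
```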

Revision History

Author: Emile Coetzee
Created On: 23/06/2003