Checkpoint SecureRemote Logon before NT Domain Logon

[thenetworker]

I have a Nokia running Checkpoint which NATs
all incoming SecureRemote clients in the DMZ
and uses internal LAN RADIUS server which points to
Secure ID Ace server for autentication.(That all works)
My question is on how to make the SecuRemote client
logon(box)pop-up prior to the NT Domain login
so that I can achieve a SecureRemote authentication
through my VPN box before logging on to NT Domain?
One of the reasons is that I don't want to maintain local NT user accounts/passwords on NT4/W2K Pro workstations for my remote users in addition to it being a security policy violation.

 

[thenetworker]

Don't forget that the authentication is with Secure ID token
which means I can't enable(I don't think?) the SDL features
because the Secure ID password is different each time becuase of the secure id token.

 

[matoi]

Hi,

You must LOG ON in the NT or WIN2000 first as local user (Login Local), then the Secure Remote Client starts and from then on the communication becomes encrypted. You can't encrypt data until you're logged on the NT box.

1. Log On (Local or Remotely)
2. Encrypt

Regards,

Matoi