We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda SSL VPN


This Product Is Going End-Of-Life and End-Of-Support

End-OF-Sales: As of 1st March 2019, all new sales for the Barracuda SSL VPN product have ceaved. Only renewals of software and hardware subscriptions are available for a limited time up to an expiration date of 30th November 2020.

End-OF-Life and End-Of-Support on 1st December 2020: All Barracuda SSL VPN sales will cease; neither new sales nor any renewals will be available. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support and services until your contract expires, or until Dec 1st, 2020, whichever occurs first.

Hardware Token Authentication

  • Last updated on

Two factor or multi-factor authentication is considered to be strong authentication because it requires two factors:

  • Something only the user knows (e.g., password)
  • Something only the user has (e.g., mobile phone)

For the Barracuda SSL VPN, hardware solutions are based on two different authentication mechanisms: the RADIUS and the SSL Client Certificate authentication modules.

Hardware token authentication using SSL client certificates

The token or smart card contains an SSL client certificate which is used to authenticate to the system. Some vendors require software installed on the client or card readers, depending on the solution. 

  • SafeNet iKey 2032
  • Aladdin eToken PRO
SafeNet iKey

The SafeNet iKey uses a small USB device that is typically carried on a key chain by users. It uses SSL client certificates to present a certificate to the Barracuda SSL VPN. For more security, users must also enter a secret passphrase. The client computer must have a special utility (CIP) installed, which uploads the certificate on the USB token to the Windows certificate store. The browser then uses this certificate when authenticating to the Barracuda SSL VPN.

Aladdin eToken PRO

Similar to the SafeNet iKey, the Aladdin eToken uses an SSL client certificate to authenticate. It also uses special software that must be manually installed on every client computer.

Hardware token authentication using RADIUS integration

Other hardware token authentication servers use a built-in or external RADIUS server. The Barracuda SSL VPN queries the RADIUS server as a part of its multi-factor authentication process, allowing the use of OTP and CryptoCard tokens.

  • RSA SecurID
  • VASCO Digipass Token
  • Secure Computing Safeword


RSA SecurID uses its built-in RADIUS server to enable communication between the appliance and the RSA server. With an Active Directory user database, using RSA SecurID is especially powerful because you can centrally manage the account with both the appliance and RSA Authentication Manager reading accounts from your Active Directory domain.

For more information, download the RSA SecurID Ready Implementation Guide (PDF).

VASCO Digipass

A VASCO server can authenticate with the Barracuda SSL VPN via an external RADIUS server. The VASCO server currently does not include a RADIUS server.

Secure Computing Safeword

Safeword servers include a RADIUS feature that can be used to authenticate to the Barracuda SSL VPN. Note that Safeword requires an Active Directory database and Internet Authentication Server (IAS) installed on the domain controller.

Last updated on