Installation Guide

Login successful, the user will now get to his portal, which can be customized depending on Active Directory membership, PC health status (antivirus, hotfix etc.) and authentication method.

www.nordicedge.se Copyright, 2008, Nordic Edge AB. Page 44 of 49

 

Contents of ASA 5500

Page 1: ...lete installation guide for securing the authentication to your Cisco ASA 5500 solution with Nordic Edge One Time Password Server delivering two factor authentication via SMS to your mobile phone For both clientless SSL VPN and Cisco VPN Client Strong Authentication for Cisco ASA 5500 Solutions with Nordic Edge One Time Password Server ...

Page 2: ... manager page 17 6 3 1 Nordic Edge SMS Plugin 18 6 4 Nordic Edge SMS Page 19 6 5 Radius Client page 20 6 5 1 Enable Radius 21 6 6 Add client 22 6 7 Configure LDAP 23 6 7 1 Test LDAP Connection 23 6 7 2 Selecting Search Base DN 25 6 7 3 Select Search filter 27 6 7 4 Test LDAP Authentication 29 7 START THE ONE TIME PASSWORD SERVER 31 8 ADD MOBILE PHONE NUMBER WITH MICROSOFT MANAGEMENT CONSOLE 32 9 C...

Page 3: ...9 6 6 Edit Connection Profile Clientless SSL VPN Settings 41 9 6 7 Add Group URL if user should be able to select authentication by specifying URL 41 9 6 8 If user should be allowed to select authentication method by drop down list 41 9 6 9 select this item 41 10 CONFIGURING ASA5500 FOR CISCO VPN CLIENT AUTHENTICATION WITH NORDIC EDGE OTP SERVER 45 10 1 Add a new or Edit an existing Cisco VPN Clie...

Page 4: ...ation process you are most welcome to contact us at support nordicedge se and we will take you through the entire process 2 Prerequisites You will need to have a server available for example a VMware virtual machine with Windows Server 2003 installed with Ethernet in bridge mode The server needs to have an ip address configured and must also be able to reach your DNS servers your Cisco 5500 ASA so...

Page 5: ...Installation Guide 4 Getting started 4 1 1 1 Download the software Go to www.nordicedge.se and click on Download ...

Page 6: ...Installation Guide 4 2 Register and download the software ...

Page 7: ... receive a link for downloading the software A 30 days evaluation license will be sent via e mail when you download the software Download the version with JAVA included ...

Page 8: ...Installation Guide ...

Page 9: ...lation Guide 5 Installation 5 1 Start the installation Start the installation on the server where you want to install the One Time Password Server ...

Page 10: ...Installation Guide ...

Page 11: ...ense dat that you have received via e mail This is important since if you want to request a demo SMS account at Nordic Edge later in the installation you need to install the license at this moment ...

Page 12: ...Installation Guide Note if you are in a test phase we recommend that you do not install the OTP Server as a Windows Service ...

Page 13: ...Installation Guide ...

Page 14: ...Installation Guide ...

Page 15: ...de 6 Configuring the One Time Password Server 6 1 Start the OTP Configuration Start the OTP Configurator by clicking on Programs NordicEdge OTP Configurator ...

Page 16: ...ord and for how long it should be valid Default is 5 minutes You can also set a default country prefix which means that you will not need to state it in the mobile attribute The One Time Password communicates with TCP protocol portnr 3100 ...

Page 17: ...anager page you can configure all methods and in which order you want to use them In this case we will be using Nordic Edge SMS gateway to deliver the one time password via SMS to your mobile phone ...

Page 18: ...Installation Guide 6 3 1 Nordic Edge SMS Plugin Move the Plugin Nordic Edge SMS to the top of the plugins ...

Page 19: ... the Nordic Edge SMS Page If you installed the license dat during the installation and checked the box Request a demo SMS account at Nordic Edge an account should now be preconfigured for you ...

Page 20: ...Installation Guide 6 5 Radius Client page For configuring One Time Passwords Server to act as radius server go to the Radius Client page ...

Page 21: ...nable Radius Enable Radius and choose one of the radius ports 1645 or 1812 that you want to use Make sure that the client Cisco 5500 ASA is using the same radius port ...

Page 22: ...y name and the ip address for the Cisco 5500 ASA Please note that you should not use the hostname here Make sure that Is RADIUS is checked and enter the correct Shared Secret In the category User Database s click New ...

Page 23: ...r database In this case we are using Microsoft Active Directory with SSL and the users mobile attribute for sending one time passwords 6 7 1 Test LDAP Connection Click on Test LDAP Connection and make sure that you get an LDAP Connection Success ...

Page 24: ...Installation Guide ...

Page 25: ...Installation Guide 6 7 2 Selecting Search Base DN Click on the box for selecting Search Base DN ...

Page 26: ...Installation Guide Select a Base Dn where your users are ...

Page 27: ...allation Guide 6 7 3 Select Search filter Click on samples and select the right filter for your LDAP User database in this case Active Directory ...

Page 28: ...Installation Guide ...

Page 29: ...Installation Guide 6 7 4 Test LDAP Authentication Click on Test LDAP Authentication and make sure you can authenticate ...

Page 30: ...tion Guide Exit the configurator by clicking OK twice and make sure to click on the Save button End of Step Configuring the One Time Password Server ...

Page 31: ...tion Guide 7 Start the One Time Password Server Start the One Time Password by going to Program folder NordicEdge OTPServer and click on OTP Server ...

Page 32: ...agement Console Add mobile phone number to your test users mobile phone attribute Start MMC and select the user that you want to use for testing and enter the mobile phone number in the Mobile attribute ...

Page 33: ...SL VPN authentication with Nordic Edge One Time Password Server 9 1 Start ASA device manager 9 2 Browse to Configuration Remote Access VPN AAA Local Users AAA Server Groups and click Add ...

Page 34: ...Installation Guide 9 3 Name Server Group OTPserver choose protocol RADIUS ...

Page 35: ... 5 Configure Radius Server Interface name IP address to OTPserver and the pre shared key between the One Time Password server and Cisco ASA5500 Ensure you use the same radius ports in both OTPserver ASA5500 ...

Page 36: ...ion Guide You have now configured a group OTPserver and defined a Radius Server in this group This group can now be used as an authentication method ...

Page 37: ... connection profile in case you want to test this for certain users only 9 6 1 Browse to Configuration Remote Access Clientless SSL VPN Access Connection Profiles and click Add ...

Page 38: ...Installation Guide 9 6 2 Specify Connection Profile Name 9 6 3 Specify AAA Server Group OTPserver ...

Page 39: ...Installation Guide ...

Page 40: ...Guide 9 6 4 Edit Connection Profile Clientless SSL VPN Settings 9 6 5 Add Alias if user should be able to select authentication method by drop down list ...

Page 41: ...VPN Settings 9 6 7 Add Group URL if user should be able to select authentication by specifying URL 9 6 8 If user should be allowed to select authentication method by drop down list 9 6 9 select this item ...

Page 42: ...Installation Guide ...

Page 43: ...Installation Guide ...

Page 44: ...ssful the user will now get to his portal which can be customized depending on Active Directory membership PC health status antivirus hotfix etc and authentication method ...

Page 45: ...ring ASA5500 for Cisco VPN Client authentication with Nordic Edge OTP Server 10 1 Add a new or Edit an existing Cisco VPN Client Connection Profile to use the OTPserver ...

Page 46: ...entry with correct name and password Name must match the connection profile name at previous slide Password must match the pre shared key in ASA5500 Note This can be distributed via MSI installation ...

Page 47: ...ide 11 Start testing 11 1 Enter your Userid and password as usual 11 2 You will receive a one time password to your mobile phone within a couple of seconds ...

Page 48: ...Installation Guide 11 3 Enter your one time password and click on OK ...

Page 49: ... more than welcome to contact us at sales nordicedge se and we will send you an offer Please note that the price will depend on number of users 13 Technical questions If you have any technical questions please contact us at support nordicedge se Thank you for showing interest in our product The Nordic Edge One Time Password Server Team ...
