Juniper Networks SSL VPN Implementation Guide




Copyright

Copyright 2006, CRYPTOCard Corp. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of CRYPTOCard Corp.

Juniper SSL VPN Overview

This documentation presents an overview and necessary steps to configure a Juniper SSL VPN for use with CRYPTO-MAS and CRYPTOCard tokens. The Juniper SSL VPN is used to create an encrypted tunnel between hosts. CRYPTO-MAS works in conjunction with the Juniper SSL VPN to replace static passwords with strong two-factor authentication that prevents the use of lost, stolen, shared, or easily guessed passwords when establishing a connection to gain access to protected resources.

With CRYPTO-MAS acting as the authentication server for a VPN enabled resource, an authenticated connection sequence would be as follows:

1. The administrator configures the Juniper SSL VPN to use RADIUS Authentication.

2. The incoming RADIUS authentication request is relayed over to the CRYPTO-MAS Server as shown in Figure 1 below.

Figure 1: RADIUS authentication request is relayed to the CRYPTO-MAS Server

3. The CRYPTO-MAS Server examines the incoming packet. If the user exists, it then checks the token associated with the user for the expected PIN + One-time password.

4. Once the PIN + One-time password has been verified against the user's token and found valid, the server sends an access accepted message. This is illustrated in Figure 2 below. If the user does not exist, or the PIN + One-time password is incorrect, it sends the user an access reject message.

Figure 2: The CRYPTO-MAS Server responds with an access accepted or rejected.

Compatibility

For security reasons, and compatibility with CRYPTOCard Authentication, the version of the Juniper SSL VPN must be release 4.2 or higher.

Prerequisites

The following systems must be verified operational prior to configuring the VPN concentrator to use CRYPTOCard authentication:

1. Verify end users can authenticate through the Juniper SSL VPN with a static password before configuring the concentrator to use CRYPTOCard authentication.

2. Ensure an initialized CRYPTOCard token has been assigned to a CRYPTOCard user.

The following CRYPTO-MAS server information is also required:

Primary CRYPTO-MAS RADIUS Server Fully Qualified Hostname or IP Address:

Secondary CRYPTO-MAS RADIUS Server Fully Qualified Hostname or IP Address (OPTIONAL):

CRYPTO-MAS RADIUS Authentication port number:

CRYPTO-MAS RADIUS Accounting port number (OPTIONAL):

CRYPTO-MAS RADIUS Shared Secret:

Configuring Juniper SSL VPN

In order for the SSL VPN to authenticate CRYPTOCard token users, RADIUS authentication must be enabled.

Adding a RADIUS Server

Choose Signing In > AAA Servers.

From the dropdown box next to the New: heading, choose "Radius Server", and click on the "New Server..." button.

Fill in the information for the CRYPTO-MAS RADIUS server obtained from the prerequisites section in the New Radius Server page.

Fill in information for the Backup CRYPTO-MAS RADIUS Server, if one exists.

Check the "Users authenticate using tokens and one-time passwords" box and click on "Save Changes".

Under Users > Authentication > 1.Users > General

In this setup page set Authentication to the CRYPTO-MAS RADIUS Server.

In the Servers section of the General Tab, set Authentication to the CRYPTO-MAS RADIUS Server, and click on "Save Changes".

Mapping CRYPTOCard Users to Realms SSL VPN

Once the CRYPTO-MAS Server has been added to the SSL VPN setup, you may configure the CRYPTO-Server to map the user to a realm on the IVE.

Under User -> Authentication, click local.

From the Role Mapping tab, click New Rule to access the Role Mapping Rule page.

Define a rule based on a User attribute. Set the attribute to Filter-Id (11), and enter a value that will be used to map CRYPTOCard users to this role.

Choose the role to assign the user to.

Check off "Stop processing rules when this rule matches", and click on "Save Changes".

CRYPTOCard must be notified of the Filter-Id name in order to map the user to the realm.

Connect using the SSL VPN client

Once the SSL VPN has been configured correctly with correct RADIUS server information, the end-users should be able to connect via browser to access network resources using their CRYPTOCard token.

Enter the CRYPTOCard username.

Generate a One-Time-Password from the CRYPTOCard token.

Enter the PIN and One-Time-Password together in the password field, and click OK.

Once the SSL VPN has verified the username and password with the CRYPTO-Server, the connection will be established.
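The exchange the steps above configure, shown at the packet level as an added example (not part of the CRYPTOCard guide): the PIN and one-time password travel together in the RADIUS User-Password attribute, hidden with the shared secret as RFC 2865 defines for PAP, and the reply is authenticated with that same secret before its Filter-Id (11) value is trusted for role mapping. The user name, PIN, one-time password, shared secret and the Filter-Id value "vpn-users" are constructed sample values, and PAP is assumed as the RADIUS encryption.

```python
import hashlib, hmac, struct

FILTER_ID = 11  # RADIUS attribute the guide uses for role mapping

def pap_hide(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Hide User-Password the way RFC 2865 section 5.2 (PAP) specifies."""
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def attr(kind: int, value: bytes) -> bytes:
    return bytes([kind, len(value) + 2]) + value

def access_request(ident, user, pin, otp, secret, req_auth):
    """Access-Request (code 1): PIN and OTP share the password field."""
    hidden = pap_hide((pin + otp).encode(), secret, req_auth)
    body = attr(1, user.encode()) + attr(2, hidden)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + req_auth + body

def sign_reply(code, ident, body, secret, req_auth):
    """Constructed server side: reply with a valid Response Authenticator."""
    head = struct.pack("!BBH", code, ident, 20 + len(body))
    return head + hashlib.md5(head + req_auth + body + secret).digest() + body

def parse_reply(reply, ident, secret, req_auth):
    """Authenticate a reply, then return (code, [Filter-Id values])."""
    if len(reply) < 20:
        raise ValueError("short packet")
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or length != len(reply):
        raise ValueError("identifier or length mismatch")
    want = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    if not hmac.compare_digest(want, reply[4:20]):
        raise ValueError("bad Response Authenticator")
    ids, pos = [], 20
    while pos < length:
        if pos + 2 > length or reply[pos + 1] < 2 or pos + reply[pos + 1] > length:
            raise ValueError("malformed attribute")
        if reply[pos] == FILTER_ID:
            ids.append(reply[pos + 2:pos + reply[pos + 1]].decode())
        pos += reply[pos + 1]
    return code, ids

# Constructed sample values; a real client draws req_auth from os.urandom(16).
SECRET, REQ_AUTH = b"constructed-shared-secret", bytes(range(16))
REQUEST = access_request(7, "alice", "1234", "567890", SECRET, REQ_AUTH)
ACCEPT = sign_reply(2, 7, attr(FILTER_ID, b"vpn-users"), SECRET, REQ_AUTH)
```

Code 2 is Access-Accept and code 3 is Access-Reject. Because PAP protects the PIN and one-time password only with MD5 keyed by the shared secret, that secret should be long and random.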

Solution Overview

Summary

Product Name: Juniper SSL VPN

Vendor Site: http://www.juniper.net/

Supported Client Software: Internet Explorer 6+, Mozilla Firefox 1.5+

Authentication Method: RADIUS Authentication

Supported RADIUS Functionality for Juniper SSL VPN Connection

RADIUS Authentication Encryption: PAP, MSCHAPv2

Authentication Method: One-time password, Challenge-response, Static Password, New PIN Mode

New PIN Mode:

User changeable Alphanumeric 4-8 digit PIN

User changeable Numeric 4-8 digit PIN

Server changeable Alphanumeric 4-8 digit PIN

Server changeable Numeric 4-8 digit PIN

Trademarks

CRYPTOCard, CRYPTO-Server, CRYPTO-Web, CRYPTO-Kit, CRYPTO-Logon, CRYPTO-VPN, CRYPTO-MAS are either registered trademarks or trademarks of CRYPTOCard Corp. Microsoft Windows and Windows XP/2000/2003/NT are registered trademarks of Microsoft Corporation. All other trademarks, trade names, service marks, service names, product names, and images mentioned and/or used herein belong to their respective owners.

Publication History

October 27th, 2006: Initial Draft

November 9th, 2006: Global Draft

November 29, 2006: Minor Revision