Strong Authentication for Cisco ACS 5.x


Strong Authentication for Cisco ACS 5.x with Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY

Copyright

Copyright 2011. CRYPTOCard Inc. All rights reserved. The information contained herein is subject to change without notice. Proprietary Information of CRYPTOCard Inc.

Disclaimer

The information contained in this document may change without notice, and may have been altered or changed if you have received it from a source other than CRYPTOCard Inc. While every effort is made to ensure the accuracy of content offered on these pages, CRYPTOCard Inc. shall have no liability for errors, omissions or inadequacies in the content contained herein or for interpretations thereof.

Use of this information constitutes acceptance for use in an AS IS condition, without warranties of any kind, and any use of this information is at the user's own risk. No part of this documentation may be reproduced without the prior written permission of the copyright owner. CRYPTOCard Inc. disclaims all warranties, either expressed or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall CRYPTOCard Inc. be liable for any damages whatsoever, including direct, indirect, incidental, consequential or special damages, arising from the use or dissemination hereof, even if CRYPTOCard Inc. has been advised of the possibility of such damages. Some provinces, states or countries do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Links and addresses to Internet resources are inspected thoroughly prior to release, but the ever-changing nature of the Internet prevents CRYPTOCard Inc. from guaranteeing the content or existence of the resource. When possible, the reference contains alternate sites or keywords that could be used to acquire the information by other methods. If you find a broken or inappropriate link, please send an email with the topic name, link, and its behaviour to support@cryptocard.com.

The software described in this document is furnished under a license and may be used or copied only in accordance with the terms of the license.

Trademarks

BlackShield ID, CRYPTOCard and the CRYPTOCard logo are trademarks and/or registered trademarks of CRYPTOCard Corp. in Canada and/or other countries. All other goods and/or services mentioned are trademarks of their respective holders.

Contact Information

CRYPTOCard's technical support specialists can provide assistance when planning and implementing CRYPTOCard in your network. In addition to aiding in the selection of the appropriate authentication products, CRYPTOCard can suggest deployment procedures that provide a smooth, simple transition from existing access control systems and a satisfying experience for network users. We can also help you leverage your existing network equipment and systems to maximize your return on investment.

CRYPTOCard works closely with channel partners to offer worldwide Technical Support services. If you purchased this product through a CRYPTOCard channel partner, please contact your partner directly for support needs.

To contact CRYPTOCard directly:

United Kingdom
2430 The Quadrant, Aztec West, Almondsbury, Bristol, BS32 4AQ, U.K.
Phone: +44 870 7077 700
Fax: +44 870 70770711
support@cryptocard.com

North America
600-340 March Road, Kanata, Ontario, Canada K2K 2E4
Phone: +1 613 599 2441
Fax: +1 613 599 2442
support@cryptocard.com

For information about obtaining a support contract, see our Support Web page at http://www.cryptocard.com

Overview

By default, a Cisco ACS logon requires that a user provide a correct user name and password to log on successfully. This document describes the steps necessary to augment this logon mechanism with strong authentication by adding a requirement to provide a one-time password generated by a CRYPTOCard token, using the implementation instructions below.

Applicability

This integration guide is applicable to:

Security Partner Information
Security Partner:          Cisco Systems
Product Name and Version:  Cisco ACS 5.x
Protection Category:       Remote Access

Authentication Service Delivery Platform Compatibility

Publication History
Date                 Changes            Version
September 29, 2010   Document created   1.0

Preparation and Prerequisites

1. Ensure end users can authenticate through Cisco ACS with a static password before configuring RADIUS authentication.
2. For BlackShield Server:
   a. BlackShield ID NPS IAS Agent has been installed and configured on the NPS IAS Server to accept RADIUS authentication from the Juniper SSL VPN.
   b. Ensure that ports 1812 UDP and 1813 UDP are open to the NPS / IAS Server.
   c. The NPS IAS Agent must be configured to use either port 80 or port 443 to send authentication requests to the BlackShield ID server.
3. For BlackShield Cloud:
   a. Add a RADIUS Auth Node configured to accept authentication requests from the Juniper SSL VPN.
4. For BlackShield Server or BlackShield Cloud:
   a. Create or define a Test account that will be used to verify that Cisco ACS has been properly configured. Ensure that the user name for this account exists in BlackShield ID by locating it in the Assignment Tab.
   b. Verify that the Test user account can successfully authenticate with a static password to Cisco ACS before attempting to apply changes and test authentication using a token.
   c. A Test user account has been created and assigned with a CRYPTOCard token.

Configuration

In order for Cisco Secure ACS to authenticate CRYPTOCard token users, a RADIUS Identity Server associated to the BlackShield Server must be added to the Cisco Secure ACS configuration. The RADIUS Identity Server must be enabled in the Identity Store Sequences.

Configuring CRYPTOCard authentication using an Identity Store Sequence consists of 2 steps:

Step 1. Define a RADIUS Identity Server.
Step 2. Define an Identity Store Sequence.

Defining a RADIUS Identity Server

The BlackShield ID Agent for Internet Authentication Service (IAS), Network Policy Server (NPS) or Juniper Steel Belted RADIUS must be defined as a RADIUS Identity Server within Cisco ACS. Perform the following steps:

1. In Cisco Secure ACS select Users and Identity Stores, External Identity Stores, RADIUS Identity Servers, then Create.

2. Under General, enter the Name and Description for the BlackShield RADIUS server. Under Server Connection, Primary Server, enter the IP Address or Hostname of the BlackShield RADIUS Server. Enter the Shared Secret defined in the BlackShield server for Cisco ACS. Under Advanced Options, the Authentication Port should be set to 1812 and the Accounting Port to 1813. The Server Timeout should be set to 10 seconds or higher and the Connection Attempts set to 3.
3. If required, populate the Shell Prompts, Directory Attributes and the Advanced tab.

Defining an Identity Store Sequence

The BlackShield RADIUS Identity Server must be assigned to an Identity Store Sequence. Perform the following steps:

1. In Cisco Secure ACS select Users and Identity Stores, External Identity Stores, Identity Store Sequences, then Create.

2. Under General, enter the Name and Description for the BlackShield RADIUS server. Under Authentication Method List, select Password Based. Under Authentication and Attribute Retrieval Search List, place the BlackShield Identity Server in the Selected list.

Further Information

For further information, please visit http://www.cryptocard.com
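To check the RADIUS Identity Server values above (Shared Secret, Authentication Port 1812, 10-second timeout, 3 connection attempts) with the Test account, the following sketch sends one Access-Request and accepts only a reply whose authenticator proves the same shared secret. It is an added example, not CRYPTOCard or Cisco code; it assumes the RADIUS server accepts PAP-style User-Password requests and has the sending host registered as a RADIUS client, and the server address, account and secret passed to authenticate() are placeholders you supply.

```python
import hashlib, hmac, os, socket, struct

# Assumption: the BlackShield RADIUS server accepts PAP (User-Password) requests.
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2  # RADIUS packet codes (RFC 2865)

def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, otp, secret, ident, request_auth):
    """Access-Request carrying User-Name (type 1) and User-Password (type 2)."""
    hidden = hide_password(otp.encode(), secret, request_auth)
    attrs = b""
    for attr_type, value in ((1, user.encode()), (2, hidden)):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs

def verify_response(reply, ident, request_auth, secret):
    """True only if the Response Authenticator matches our request and secret."""
    if len(reply) < 20 or reply[1] != ident:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    if not 20 <= length <= len(reply):
        return False
    signed = reply[:4] + request_auth + reply[20:length] + secret
    return hmac.compare_digest(hashlib.md5(signed).digest(), reply[4:20])

def authenticate(server, user, otp, secret, port=1812, timeout=10, attempts=3):
    """True on Access-Accept, False on another verified reply, None if none arrives."""
    ident, request_auth = os.urandom(1)[0], os.urandom(16)
    packet = build_access_request(user, otp, secret, ident, request_auth)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for _ in range(attempts):
            sock.sendto(packet, (server, port))
            try:
                reply = sock.recv(4096)
            except socket.timeout:
                continue  # no answer within the timeout: next connection attempt
            if verify_response(reply, ident, request_auth, secret):
                return reply[0] == ACCESS_ACCEPT
    return None
```

A result of None with a reachable server usually points to a Shared Secret mismatch or an unregistered client address, since replies that fail verification are ignored rather than trusted.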