External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy




Contact information

SecurEnvoy
www.securenvoy.com
0845 2600010
1210 Parkview
Arlington Business Park
Theale
Reading RG7 4TY

Phil Underwood
Punderwood@securenvoy.com

Cisco VPN 3000 Concentrator Integration Guide

This document describes how to integrate a Cisco VPN 3000 Concentrator with SecurAccess, the SecurEnvoy two-factor authentication solution.

The Cisco VPN 3000 Concentrator provides secure remote access to the internal corporate network.

SecurAccess provides two-factor, strong authentication for remote access solutions (such as Cisco), without the complication of deploying hardware tokens or smartcards. Two-factor authentication is provided by the use of your PIN and your phone, which receives the one time passcode.

SecurAccess is designed as an easy to deploy and use technology. It integrates directly into Microsoft's Active Directory and negates the need for additional user security databases. SecurAccess consists of two core elements: a Radius server and an Authentication server. The Authentication server is directly integrated with LDAP or Active Directory in real time.

SecurEnvoy Security Server can be configured to use the existing Microsoft password. Using the Windows password as the PIN allows the user to enter their UserID, Windows password and the one time passcode received on their mobile phone. This authentication request is passed via the Radius protocol to the SecurEnvoy Radius server, which carries out the two-factor authentication. This provides a seamless login into the Windows Server environment by entering three pieces of information.

SecurEnvoy utilises a web GUI for configuration, as does the Cisco VPN Concentrator. All notes within this integration guide refer to this type of approach.

The equipment used for the integration process is listed below:

Cisco
    Cisco 3000 VPN Concentrator, Model 3030, software v4.1
    Cisco VPN EZ VPN client software v4.0.3 (D)

SecurEnvoy
    Windows 2003 server SP1
    IIS installed with SSL certificate (required for management and remote administration)
    Active Directory installed or connection to Active Directory via LDAP protocol
    SecurAccess software release v3.0.010

© 2005 SecurEnvoy Ltd. All rights reserved. Confidential.

Index

1.0 Pre Requisites
1.1 Configuration of Cisco 3000 VPN Concentrator
2.0 Configuration of SecurEnvoy
3.0 Cisco VPN Client Configuration
4.0 Test logon
5.0 Microsoft Native client considerations
5.1 Test Logon Windows Client

1.0 Pre Requisites

It is assumed that the Cisco VPN concentrator has been installed and is authenticating with a username and password.

SecurEnvoy Security Server has been installed with the Radius service and has a suitable account that has read and write privileges to the Active Directory. If firewalls are between the SecurEnvoy Security server, Active Directory servers, and the Routing and Remote Access server(s), additional open ports will be required.

NOTE: Add radius profiles for each Cisco VPN concentrator that requires Two-Factor Authentication.

1.1 Configuration of Cisco 3000 VPN Concentrator

Log in to the Concentrator web interface, go to Configuration > User Management > Groups and click Add Group.

Populate the group information, making sure Identity type is Internal.

Select IPSec.

Set authentication to Radius.

Go to Configuration > System > Servers > Authentication > Add.

Populate the Radius server information of the SecurEnvoy server. It is recommended that a retry of 2 and a timeout of 10 seconds or more is used.

2.0 Configuration of SecurEnvoy

To help facilitate an easy to use environment, SecurEnvoy can utilise the existing Microsoft password as the PIN. This allows users to remember only their Domain password. SecurEnvoy supplies the second factor of authentication, which is the dynamic one time passcode (OTP) sent to the user's mobile phone.

Launch the SecurEnvoy admin interface by executing the Local Security Server Administration link on the SecurEnvoy Security Server.

Click Config.

Select Windows Microsoft Password is the PIN under PIN Management. This will now use the user's existing password as the PIN.

Click Update to confirm the changes.

Click the Radius button.

Enter the IP address and shared secret for each Cisco 3000 VPN Concentrator that is to use SecurEnvoy Two-Factor authentication.

Click Update to confirm settings.

Click Logout when finished. This will log out of the administrative session.

3.0 Cisco VPN Client Configuration

The VPN client requires minimal configuration. Enter details for the entry and a description. Designate the VPN Concentrator's public IP address. Finally, set the VPN group name and password.

Click Save.

4.0 Test logon

Once the configuration has been saved, the connection can be initiated by selecting the VPN profile for SecurEnvoy and clicking Connect.

Enter your Windows username in the username field, and your password (PIN) and passcode in the password field. Click OK to complete the logon process.

E.g. P4ssw0rd678123

5.0 Microsoft Native client considerations

If using the native VPN client for Windows, there are two distinct ways of attaching: PPTP VPN or L2TP over IPSec. The latter is the preferred way of connecting. To allow interoperability with SecurEnvoy authentication, the method must be set to PAP only.

Note: IKE Extended Authentication (XAUTH) methods such as Two-Factor Authentication, challenge response and Radius are forms of authentication that allow a VPN device to offload user administration and authentication to a remote security database such as the SecurEnvoy SecurAccess Radius server. IKE has no provision for user authentication; XAUTH uses IKE to transfer the user's authentication information (name and one time passcode) to an IPSec gateway (VPN Concentrator) in a secured IKE message. The VPN device uses the configured protocol (Radius) to authenticate the user with a remote security database, i.e. SecurEnvoy Radius.

XAUTH is negotiated between IKE phase 1 and IKE phase 2. Authentication is performed using an existing Radius authentication system. The encryption algorithm in use therefore depends on how the SAs have been set up for the IKE phase 1 and 2 negotiations. All user authentication and IPSec data is sent over an IKE phase 1 encrypted tunnel (e.g. DES, 3DES). After successful authentication the IKE phase 2 tunnel is fully formed (3DES, AES) and passes IP traffic.

Additional configuration when using the native Windows client:

Go to Configuration > User Management > Groups and select the VPN group you wish to configure for the Windows native VPN dialer client.

Navigate to the PPTP/L2TP tab and make sure that the appropriate authentication protocol (PPTP or L2TP) is set to PAP only. This also has to be reflected on the Windows 2000 or XP client.

See http://www.cisco.com/warp/public/471/vpn3k_l2tp.html
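
How the password field from sections 4.0 and 5.0 travels once the concentrator is set to PAP, as an added example that is not part of the SecurEnvoy guide or SecurEnvoy's own code: the Radius client hides the User-Password attribute as defined in RFC 2865, and the server reverses it with the shared secret and separates the PIN from the passcode. The shared secret, the request authenticator and the 6-digit passcode length are constructed assumptions; only the logon string is the guide's example.

```python
import hashlib

BLOCK = 16  # RFC 2865 processes User-Password in 16-octet blocks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_user_password(cleartext: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the VPN device (Radius client) places in the User-Password attribute."""
    if len(authenticator) != BLOCK or not 0 < len(cleartext) <= 128:
        raise ValueError("need a 16-octet authenticator and a 1..128 octet password")
    padded = cleartext + b"\x00" * (-len(cleartext) % BLOCK)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        # Each block is XORed with MD5(shared secret + previous hidden block).
        prev = _xor(padded[i:i + BLOCK], hashlib.md5(secret + prev).digest())
        hidden += prev
    return hidden


def reveal_user_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the Radius server does with the same shared secret."""
    if not hidden or len(hidden) % BLOCK:
        raise ValueError("User-Password must be a non-empty multiple of 16 octets")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")  # drop the null padding


def split_pin_and_passcode(field: str, digits: int = 6) -> tuple:
    """Split '<PIN><passcode>'; the 6-digit length is an assumption from the example."""
    pin, passcode = field[:-digits], field[-digits:]
    if not pin or len(passcode) != digits or not (passcode.isascii() and passcode.isdigit()):
        raise ValueError("expected a PIN followed by a %d-digit passcode" % digits)
    return pin, passcode


# Constructed sample values; only FIELD comes from the guide.
SECRET = b"example-shared-secret"
AUTHENTICATOR = bytes(range(16))
FIELD = "P4ssw0rd678123"

if __name__ == "__main__":
    wire = hide_user_password(FIELD.encode(), SECRET, AUTHENTICATOR)
    print("on the wire:", wire.hex())
    recovered = reveal_user_password(wire, SECRET, AUTHENTICATOR).decode()
    print("server sees:", split_pin_and_passcode(recovered))
```

The hiding depends only on the shared secret entered under the Radius button in section 2.0, so that value should be long and random.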

5.1 Test Logon Windows Client

Enter the UserID in the Username field.

Enter the password and passcode in the password field.

E.g. P4ssw0rd678123