How to integrate RSA ACE Server SecurID Authentication with Juniper Networks Secure Access SSL VPN (SA) with Single Node or Cluster (A/A or A/P)



Similar documents
RSA SecurID Ready Implementation Guide

Two-Factor Authentication

RSA SecurID Ready Implementation Guide

External Authentication with Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

Using IKEv2 on Juniper Networks Junos Pulse Secure Access Appliance

ipad or iphone with Junos Pulse and Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

Security Provider Integration RADIUS Server

RSA SecurID Ready Implementation Guide

Stonesoft Corp. Stonegate Firewall and VPN

VPN Web Portal Usage Guide

VMware Virtual Desktop Manager User Authentication Guide

Workspot, Inc. RSA SecurID Ready Implementation Guide. Partner Information. Last Modified: September 16, Product Information Partner Name

External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy

New Brunswick Internal Services Agency. RSA Self-Service Console User Guide

RSA Authentication Manager 7.1 Basic Exercises

ZyWALL OTPv2 Support Notes

How To Configure A Bomgar.Com To Authenticate To A Rdius Server For Multi Factor Authentication

Lieberman Software. RSA SecurID Ready Implementation Guide. Account Reset Console. Partner Information. Last Modified: March 20 th, 2012

IMS Health Secure Outlook Web Access Portal. Quick Setup

Instructions for Using Secure . (SMail) via Outlook Web Access. with an RSA Token

Implementation Guide for. Juniper SSL VPN SSO with OWA. with. BlackShield ID

RSA SecurID Certified Administrator (RSA Authentication Manager 8.0) Certification Examination Study Guide

External Authentication with Netscreen 25 Remote VPN Authenticating Users Using SecurAccess Server by SecurEnvoy

ZyWALL OTP Co works with Active Directory Not Only Enhances Password Security but Also Simplifies Account Management

RSA SecurID Ready Implementation Guide

How To Use The Syndicate Bank Rsa Security Token For Internet Banking On Pc Or Mac Or Mac (For A Web Browser) For A Long Time (For An Ipad) For Free (For Free) For An Unlimited Time) For Your

MIGRATION GUIDE. Authentication Server

1.6 HOW-TO GUIDELINES

RSA Two Factor Authentication. Feature Description

Install FileZilla Client. Connecting to an FTP server

Dell SonicWALL and SecurEnvoy Integration Guide. Authenticating Users Using SecurAccess Server by SecurEnvoy

RSA SecurID Token User Guide February 12, 2015

Strong Authentication for Juniper Networks

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

How To Integrate Watchguard Xtm With Secur Access With Watchguard And Safepower 2Factor Authentication On A Watchguard 2T (V2) On A 2Tv 2Tm (V1.2) With A 2F

RSA ACE/Agent 5.5 for Windows Installation and Administration Guide

How To Connect A Gemalto To A Germanto Server To A Joniper Ssl Vpn On A Pb.Net 2.Net (Net 2) On A Gmaalto.Com Web Server

Defender Token Deployment System Quick Start Guide

Configuring the Watchguard Edge for RADIUS authentication

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN

RSA Security Analytics

Juniper SSL VPN Authentication QUICKStart Guide

External authentication with Fortinet Fortigate UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Cisco ASA Authenticating Users Using SecurAccess Server by SecurEnvoy

Authentication Node Configuration. WatchGuard XTM

Defender Configuring for Use with GrIDsure Tokens

PineApp Surf-SeCure Quick

DIS VPN Service Client Documentation

Updated: 7/10/2013 Author: Tim Unten

Network Connect Performance Logs on MAC OS

INTEGRATION GUIDE. DIGIPASS Authentication for Juniper SSL-VPN

Step by Step Guide to implement SMS authentication to F5 Big-IP APM (Access Policy Manager)

Siteminder Integration Guide

Juniper Networks SSL VPN Implementation Guide

IIS, FTP Server and Windows

Configuring Global Protect SSL VPN with a user-defined port

Logging into Citrix (Epic) using an RSA Soft Token - New RSA User

How To Configure SSL VPN in Cyberoam

External Authentication with CiscoSecure ACS. Authenticating Users Using. SecurAccess Server. by SecurEnvoy

USER MANUAL. CTBTO Remote Access VPN using Cisco AnyConnect

Allianz Global Investors Remote Access Guide

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

Accessing the Mercy Remote Access Portal (SSL VPN)

ADFS Integration Guidelines

Strong Authentication for Juniper Networks SSL VPN

F-Secure Messaging Security Gateway. Deployment Guide

Remote Access End User Guide (Cisco VPN Client)

Deployment Guide Mar-2016 rev. a. Integrating the Array Standalone Client with RSA Token Automation

LDAP User Guide PowerSchool Premier 5.1 Student Information System

External Authentication with Windows 2003 Server with Routing and Remote Access service Authenticating Users Using SecurAccess Server by SecurEnvoy

Microsoft IAS Configuration for RADIUS Authorization

Click Studios. Passwordstate. High Availability Installation Instructions

Active Directory Integration

Network Load Balancing

Quick Start Guide. Hosting Your Domain

Managing Qualys Scanners

NSi Mobile Installation Guide. Version 6.2

OneLogin Integration User Guide

Configuring the Cisco ISA500 for Active Directory/LDAP and RADIUS Authentication

MadCap Software. Upgrading Guide. Pulse

Endpoint Security VPN for Windows 32-bit/64-bit

Case Study - Configuration between NXC2500 and LDAP Server

Security Provider Integration Kerberos Authentication

How to Access Coast Wi-Fi

EURECOM VPN SSL for students User s guide

RSA SECURID HEALTHCHECK

EMR Link Server Interface Installation

TechNote. Contents. Introduction. System Requirements. SRA Two-factor Authentication with Quest Defender. Secure Remote Access.

Installation Procedure SSL Certificates in IIS 7

Group Management Server User Guide

This means that any user from the testing domain can now logon to Cognos 8 (and therefore Controller 8 etc.).

How to Join QNAP NAS to Microsoft Active Directory (AD)

Installing Autodesk Vault Server 2012 on Small Business Server 2008

netld External Authentication Setup Guide

APNS Certificate generating and installation

Cisco ASA Authentication QUICKStart Guide

RSA SecurID Software Token 1.0 for Android Administrator s Guide

Click Studios. Passwordstate. High Availability Installation Instructions

RSA Two Factor Authentication

Transcription:

How to integrate RSA ACE Server SecurID Authentication with Juniper Networks Secure Access SSL VPN (SA) with Single Node or Cluster (A/A or A/P) Scenario # 1: Single Node or Standalone SA... 2 Scenario # 2: Active/Active or Active/Passive SA Cluster... 6 The following document was prepared using: SA OS Version - 7.1R2 RSA ACE Version - 6.1 Juniper Networks, Inc. 1

Scenario # 1: Single Node or Standalone SA There are four configuration steps required to integrate RSA SecurID with the SA appliance. 1. Add SA as an Agent Host in the RSA Authentication Manager s database and create sdconf.rec file. 2. Add ACE server to the SA configuration and import the sdconf.rec file. 3. Bind the Ace server to an SA authentication realm 4. Configure role mapping rules Step 1: Add the SA as an Agent Host within the RSA Authentication Manager s database and create an sdconf.rec file. 1. On the RSA Authentication Manager computer, go to Start All Programs RSA Security RSA Authentication Manager Host Mode. On the Agent Host menu, choose Add Agent Host. Name: Type the hostname of the SA Network Address: Type the real IP address of the SA internal interface for NodeA Agent Type: Select Communication Server Encryption Type: Choose your encryption method. The SA supports both SDI & DES encryption Assign users to the Agent Host by choosing either Open to All Juniper Networks, Inc. 2

Locally Known Users or click User Activations and assign users. In our example we choose Open to All Locally Known Users. Click OK to add the SA as an Agent Host to the RSA Authentication Manager s database. 2. In the RSA Authentication Manager choose Add Agent Generate Configuration File One Agent Host. Select the Agent Host for the SA created in Step 2 and Click OK and save the sdconf.rec file in a known directory. The same sdconf.rec file will be used in subsequent steps to import on the ACE server instance created on the SA device. Juniper Networks, Inc. 3

Step 2: Add the ACE server as an authentication server instance on the SA by importing the sdconf.rec file 1. In the Administrator Console, choose Authentication Auth Servers ACE New Server. The configuration page for the ACE server appears. After the sdconf.rec is imported, the ACE configuration is synchronized across all members of the cluster. Name: Enter a name to identify the ACE Server instance Port: Change if needed but the default is 5500 Import new config file: Click the Browse button and upload the sdconf.rec file. Click Save Changes Note: Under Node Verification file, the Creation Time is blank. This will not be filled in until at least one user authenticates successfully to this SA device. Step 3: Bind the ACE Server to an SA Authentication Realm: 1. Go to Users Roles and create a role for your SecurID users based on your secure access policies. 2. Go to Users Realm New and enter the appropriate information for the Authentication Realm Name: Give the Realm a Name Authentication Server: Select the ACE server defined step above and save changes Juniper Networks, Inc. 4

Step 4: Configure Role-Mapping rules. 1. Click New Rule and create a role mapping rule. After successfully configuring the server, SecurID authentication is enabled on the SA. Users who are configured to use SecurID authentication can sign in with their username and their SecurID Passcode. Juniper Networks, Inc. 5

Scenario # 2: Active/Active or Active/Passive SA Cluster There are four configuration steps required to integrate RSA SecurID with the SA appliance. 1. Add each SA node of the cluster as an Agent Host in the RSA Authentication Manager s database and create sdconf.rec file. 2. Add ACE server to the SA configuration and import the sdconf.rec file. 3. Bind the Ace server to an SA authentication realm 4. Configure role mapping rules Step 1: Create an Agent Host within RSA Authentication Manager, one for each member in the SA Cluster with its corresponding IP address. 1. On the RSA Authentication Manager computer, go to Start> All Programs RSA Security RSA Authentication Manager Host Mode. On the Agent Host menu, choose Add Agent Host. Juniper Networks, Inc. 6

Name: Type the hostname of the SA Network Address: Type the real IP address of the SA internal interface for NodeA Agent Type: Select Communication Server Encryption Type: Choose your encryption method. The SA supports both SDI & DES encryption Assign users to the Agent Host by choosing either Open to All Locally Known Users or click User Activations and assign users. In our example we choose Open to All Locally Known Users. Click OK to add the SA as an Agent Host to the RSA Authentication Manager s database. Go back and repeat step one for Node B as shown in the screenshots below. Juniper Networks, Inc. 7

2. In the RSA Authentication choose Generate Configuration File>One Agent Juniper Networks, Inc. 8

3. Select any one of the above two Agent Hosts that were created as above in Step 1 and Click OK to save the sdconf.rec file in a known directory. 4. In the above screenshot we have saved sdconf.rec file of Agent host NodeA. The same sdconf.rec file will be used in subsequent steps to import on the ACE server instance created on the SA device. Juniper Networks, Inc. 9

Step 2: Add the ACE server as an authentication server instance on the SA by importing the sdconf.rec file In the Administrator Console, choose Authentication Auth Servers ACE New Server. The configuration page for the ACE server appears. After the sdconf.rec is imported, the ACE configuration is synchronized across all members of the cluster. Name: Enter a name to identify the ACE Server instance Port: Change if needed but the default is 5500 Import new config file: Click the Browse button and upload the sdconf.rec file. In this case upload sdconf.rec file saved as shown in above step1. Click Save Changes Note: Under Node Verification file, the Creation Time is blank. This will not be filled in until at least one user authenticates successfully to each of the nodes. You will need to log into the physical IP of each node to allow the SA and the ACE server to negotiate a node secret on first successful login. Juniper Networks, Inc. 10

Step 3: Bind the ACE Server to an SA Authentication Realm: 1. Go to Users>Roles and create a role for your SecurID users based on your secure access policies. 2. Go to Users>Realm>New and enter the appropriate information for the Authentication Realm Name: Give the Realm a Name Authentication Server: Select the ACE server defined step above and save changes Step 4: Configure Role-Mapping rules. Click New Rule and create a role mapping rule. Juniper Networks, Inc. 11

After successfully configuring the server, SecurID authentication is enabled on the SA. Users who are configured to use SecurID authentication can sign in with their username and their SecurID Passcode. Log directly into Node A Physical IP, and you will now see node secret file created for NodeA Juniper Networks, Inc. 12

Log directly into Node B Physical IP, and you will now see node secret file created for Node B as well. Juniper Networks, Inc. 13

How to add an Authentication agent in ACE 7.1 Authentication Manager 1. Click Access > Authentication Agents > Add New. 2. From the Security Domain drop-down menu, select the security domain to which you want to add the new agent. 3. Use the Hostname buttons to specify whether you want to enter a new name for the agent or use an existing server name. If you choose to enter a new name, the name must be unique. If you choose to use an existing server node, the IP Address and Alternate IP Address fields are automatically populated with information for the host and are read-only. 4. In the IP Address field, enter the IP address of the agent. If you choose to use an existing server name, this field is automatically populated and read-only. 5. From the Agent Type drop-down menu, select the type of agent you want to add. The default choice is Standard Agent. 6. Configure rest of the options as per your requirements. 7. Click Save. This procedure configures communication between the authentication agent and RSA Authentication Manager, and generates the Authentication Manager configuration file, sdconf.rec. Before an authentication agent can communicate with the Authentication Manager, you must copy this file to the agent host. Juniper Networks, Inc. 14

To configure communication options and generate the configuration file: 1. Click Access > Authentication Agents > Generate Configuration File. 2. From the Maximum Retries drop-down menu, enter the number of times you want the authentication agent to attempt to establish communication with Authentication Manager before returning the message "Cannot initialize agent - server communications." 3. From the Maximum Time Between Each Retry drop-down menu, enter the number of seconds you want to set between attempts by the authentication agent to establish communications with Authentication Manager. 4. Click Generate Config File. 5. Click Download Now to download the configuration file. Juniper Networks, Inc. 15

Additional ACE features: SA ACE-Challenge Intermediation Pages The SA supports the following ACE challenges: New PIN Mode System Generated PIN Next TOKENCODE Screen New Pin Mode: Juniper Networks, Inc. 16

System Generated PIN: Next Token Code Screen: Juniper Networks, Inc. 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information