Cisco VPN Concentrator Implementation Guide




Copyright

Copyright 2006, CRYPTOCard Corp. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of CRYPTOCard Corp.

Cisco VPN Concentrator Application Overview

This document presents the necessary steps to configure a Cisco VPN 3000 Concentrator (models 3005 through 3080) for use with CRYPTOCard tokens.

The Cisco VPN 3000 Concentrator is used to create encrypted tunnels between hosts. The product is able to control access to LAN resources and assign local IP addresses based on authentication information, such as a username and password.

CRYPTO-Server works in conjunction with the Cisco VPN 3000 Concentrator to replace static passwords with strong two-factor authentication that prevents the use of lost, stolen, shared, or easily guessed passwords when establishing a tunnel to gain access to protected resources:

1. Using the Cisco VPN Client, the user establishes a connection to the internal network using his/her logon name and PIN + One-time password.
2. The VPN concentrator passes the authentication information to the CRYPTO-Server (via the RADIUS protocol).
3. CRYPTO-MAS Server sends back Access-Accept/Deny to the VPN concentrator.
4. Once successfully authenticated, the user gains access to the network.

The CRYPTO-Server distribution includes a plug-in for the Cisco VPN Client software which, when used in conjunction with a CRYPTOCard ST-1 Software, SC-1 Smart Card, or UB-1 USB token, automates the authentication and logon process for users. The CRYPTOCard Cisco VPN plug-in is supported in version 4.9 of the Cisco VPN client on PPC and Intel Macs and 4.8 on Windows.

Prerequisites

The following systems must be installed and operational prior to configuring the VPN concentrator to use CRYPTOCard authentication:

- Ensure that the end user can authenticate through the concentrator with a static password before configuring the concentrator to use CRYPTOCard authentication.
- An initialized CRYPTOCard token assigned to a valid CRYPTOCard user.

The following CRYPTO-MAS server information is also required:

- Primary CRYPTO-MAS RADIUS Server Fully Qualified Hostname or IP Address:
- Secondary CRYPTO-MAS RADIUS Server Fully Qualified Hostname or IP Address (OPTIONAL):
- CRYPTO-MAS RADIUS Authentication port number:
- CRYPTO-MAS RADIUS Accounting port number (OPTIONAL):
- CRYPTO-MAS RADIUS Shared Secret:
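The shared secret listed above is what protects the PIN + one-time password on its way from the concentrator to the RADIUS server, and what lets the concentrator trust the reply. The following is an added example, not part of the CRYPTOCard guide: it shows the RADIUS PAP mechanics defined in RFC 2865, and the secret, user name, PIN and one-time password are constructed sample values.

```python
import hashlib
import hmac
import struct

# Constructed sample values, not taken from the guide.
SECRET = b"constructed-shared-secret"
USER, PIN_OTP = b"jsmith", b"1234" + b"58213476"   # PIN followed by one-time password

def keystream(secret, prev):
    return hashlib.md5(secret + prev).digest()

def hide_password(password, secret, request_auth):
    """RFC 2865 section 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream(secret, prev)))
        out += prev
    return out

def unhide_password(hidden, secret, request_auth):
    """Server side: reverse hide_password using the same shared secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def access_request(ident, user, password, secret, request_auth):
    """Code 1 packet with User-Name (type 1) and User-Password (type 2)."""
    attrs = attr(1, user) + attr(2, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + request_auth + attrs

def reply(code, ident, secret, request_auth, attrs=b""):
    """Code 2 = Access-Accept, 3 = Access-Reject, signed with the shared secret."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

def reply_is_authentic(packet, secret, request_auth):
    """Client side: recompute the Response Authenticator before trusting the reply."""
    head, auth, attrs = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(head + request_auth + attrs + secret).digest()
    return hmac.compare_digest(auth, expected)
```

In a real exchange the 16-byte request authenticator is freshly random for every request. Both the password hiding and the reply check rest entirely on the shared secret, so it should be long, random, and unique to this concentrator.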

Cisco VPN 3000 Concentrator Configuration

In order for the VPN concentrator to authenticate CRYPTOCard token users, RADIUS authentication must be configured on the concentrator and an IPSec group must be created for CRYPTOCard token users.

Configuring the Cisco VPN 3000 Concentrator consists of 4 steps:

Step 1: Add a RADIUS server
Step 2: Test the authentication server
Step 3: Create a CRYPTOCard group
Step 4: Cisco VPN Client Configuration

Step 1: Add a RADIUS Server

1. In the VPN configuration manager, select Configuration > Servers > Authentication.
2. Click Add to add a new authentication server. Fill in the information for the CRYPTO-MAS RADIUS server obtained from the prerequisites section. Once all the information is entered, click Add.

Ensure that the RADIUS server is the first entry in the Authentication Servers list.

Step 2: Test the Authentication Server

1. Once the RADIUS server has been added to the VPN concentrator setup, use the internal test mechanism to ensure the VPN concentrator can authenticate to it using a CRYPTOCard token. From the Authentication Servers menu, select the RADIUS server, and click Test.
2. Enter the User Name of a CRYPTOCard account, and the next Password generated by the token assigned to that user. Click OK.

Step 3: Creating a CRYPTOCard group

In order for CRYPTOCard token users to make VPN connections, a VPN Group must be properly configured.

1. In the VPN configuration manager, select Configuration > User Management > Groups.
2. Click Add Group to add a new group.
3. Enter a Group Name and a static Password. Select Internal group as the Type. This internal group name and password must be used by all CRYPTOCard end-users when they want to connect using the VPN client.
4. Under the IPSec tab, select RADIUS in the Authentication pull-down menu.
5. Click Add to add this group to the VPN concentrator.
6. Ensure this newly created group has an Address Pool of IP addresses that can be assigned to the VPN client connections. Select the Group and click Address Pools. Then click Add and enter the Range Start, Range End, and Subnet Mask. Apply the change.

Step 4: Cisco VPN Client Configuration

You must configure the VPN client software to enable the end user to connect to the IPSec group.

Create a New VPN Connection Entry

From the Cisco VPN Client software, click New to create a new connection entry. Fill in the information for the connection entry, using the group name and password specified in Step 3.

Connect using the Cisco VPN client

Choose the connection entry created and click Connect. A dialog box will open requesting a Username and Password. Enter the CRYPTOCard Username. Generate a one-time password from the CRYPTOCard token and enter your PIN followed by the one-time password in the Password field. Click OK.

Once the concentrator has verified the username and password with the CRYPTO-Server database, the connection will be established.

Solution Overview

Summary

Product Name: Cisco VPN Concentrator 3000
Vendor Site: http://www.cisco.com
Supported VPN Client Software: Windows 2000/XP 4.8, Mac OS X Tiger 4.9
Authentication Method: RADIUS authentication

Supported RADIUS Functionality

RADIUS Authentication Encryption:
- PAP
- MSCHAPv2

Authentication Mode:
- One-time password
- Challenge-response
- Static password

New PIN Mode:
- User-changeable Alphanumeric 4-8 digit PIN
- User-changeable Numeric 4-8 digit PIN
- Server-changeable Alphanumeric 4-8 digit PIN
- Server-changeable Numeric 4-8 digit PIN

Trademarks

CRYPTOCard, CRYPTO-Server, CRYPTO-Web, CRYPTO-Kit, CRYPTO-Logon, CRYPTO-VPN, are either registered trademarks or trademarks of CRYPTOCard Corp. Microsoft Windows and Windows XP/2000/2003/NT are registered trademarks of Microsoft Corporation. All other trademarks, trade names, service marks, service names, product names, and images mentioned and/or used herein belong to their respective owners.

Publication History

Date                  Changes
October 25, 2006      First Draft Creation
November 5, 2006      Global Edit
November 29, 2006     Minor revision