Home

Cisco Systems NORDIC EDGE ASA 5500 User's Manual

1. 20 6 5 1 Enable Radius MM 21 6 6 Rn E 22 6 7 CONTOUPE Bp AP E 23 6 7 1 Test LDAP Connection cccccccccccccceeeaaeeesssesseeeeeeeeeeeceeseenaaaaaesaasceeeceeeeeseseeesseaaaaaaaseess 23 6 7 2 Selecting Search Base DN 25 6 7 3 Select Search i UT m Mr 27 6 7 4 Test LDAP Authentication m 29 7 START THE ONE TIME PASSWORD SERVER c cccccesesseeeeeeeeeeeeeeneeeseeseeeeeseeseeneeseeeneenees 31 8 ADD MOBILE PHONE NUMBER WITH MICROSOFT MANAGEMENT CONSOLE 32 9 CONFIGURING ASA5500 FOR SSL VPN AUTHENTICATION WITH NORDIC EDGE ONE TIME PASSWORD SERVER eege 33 9 1 Start ASA device managger liess iieeeeeeieeee nennen KEEN KARNA RAR nnn nh nnn RAR RR RAR RR RAR ARR RAR ARR 33 www nordicedge se Copyright 2008 Nordic Edge AB Page 2 of 49 VE Installation Guide nordic edge 9 2 Browse to Configuration Remote Access VPN AAA Local Users AAA Server Groups and Tei ee EE 33 9 3 Name Server Group OTPserver choose protocol RADIUS 34 9 4 Add new radius server to the RADIUS Qroup cccccssesseeeeeeseeesseeeeeeseeseeeseaeneeseeneessenenees 35 9 5 Configure Radius Server Interface name IP address to OTPserver and the pre shared key between the One Time Password server and Cisco ASA5500 sse 35 9 6 Create a test connection profile in case you want to test th
2. eeeeeeeeeereeeee 46 Note This can be distributed via MSI installation eeee eere ener 46 11 XP LSMI OIMSICM c 47 11 1 Enter your Userid and password as usual eeeeeeeeeeeeee eene enne 47 11 2 You will receive a one time password to your mobile phone within a couple of seconds 47 11 3 Enter your one time password and click on OKC eceeeeeeeeee eene nnne 48 12 PURE TIA Rc ON len 49 13 TECHNIGAL e te LEE 49 www nordicedge se Copyright 2008 Nordic Edge AB Page 3 of 49 VE Installation Guide nordic edge 1 Summary This is the complete installation guide for securing the authentication to your Cisco ASA 5500 solution with Nordic Edge One Time Password Server delivering two factor authentication via SMS to your mobile phone For both clientless SSL VPN and Cisco VPN Client You will be able to test the product with your existing Cisco ASA 500 and LDAP user database without making any changes that affect existing users The guide will also allow you to make the complete installation effeciently using a maximum of 1 hour Nordic Edge provides several methods for delivering one time passwords like e mail tokens mobile clients prefetch etc however in this test we are only going to use SMS This is a step by step guide that covers the entir
3. 6 7 4 Test LDAP Authentication Click on Test LDAP Authentication and make sure you can authenticate Test LOAP Authentication LDAP Test Authentication EE gd Username i ce www nordicedge se Copyright 2008 Nordic Edge AB Page 29 of 49 M d ordic edge Installation Guide Authentication jdae Password eem Authentication Success 1 J Authentication Success Far doe Exit the configurator by clicking OK twice and make sure to click on the Save button mois Server Radius amp Clients Misc Plugin manager NordicEdae SMS Prefetch Detection External OATH Instant M E P NordicEdge OTPServer Configurator Iw Enable Radius Radius Settings Portnr 1645 Timeout jo millisecs Bind to This IPAddress v Al DebugPackets Iv r Clients Radius amp Native Lat Pu MN Client hames iP IF is Radius Liser Database X natlendge Cisco 5500 ASA EN Global Options i eee ok FAI Tes bb a nl 787m iv Prevent SOL Injection Attac LDAP idle reconnect oj minutes jw Prevent LDAP Injection Attacks LDAP follow referrals iv Cancel WM nordic edge Copyright NordicEdge AB 2002 2008 End of Step Configuring the One Time Password Server www nordicedge se Copyright 2008 Nordic Edge AB Page 30 of 49 d Installation Guide nordic edge 7 Start the One Time Password S
4. 9 6 Create a test connection profile in case you want to test this for certain users only 9 6 1 Browse to Configuration Remote Access Clientless SSL VPN Access Connection Profiles and click Add www nordicedge se Copyright 2008 Nordic Edge AB Page 37 of 49 VE Installation Guide nordic edge SS Cisco ASDM 6 1 for ASA 192 1 1 1 Sr View pFfoss Wizares Window Help Look ror E en toon Wiener E En 8 N VEN TT s nion g 4 v m V bil ees j Da dh j S p ISCO LU Access Interfaces feb Network Client Access i AnyConnect Connection t Enable interfaces For chentless SSL VPN access and indicate whether to require a certificate for access iub IPsec Connection Profiles Group Policies Dynamic Access Policies H AnyConnect Cusbomizatic Address Assignment A Advanced management Access Port 443 Click here to Assign Certificate to Interface ta Client Server Plug ins Login Page Setting 17 Customization C Allow user to select connection profile idenitified by its alias on the login page Otherwise Default WebVPNGroup will be the connection profile Help Customization BK 0 Allow user to enter internal password on the login page Smart Tunnels ta Web Contents Connection Profiles Group Policies i profile tunnel group specifies how user is authenticated and other parameters Dynamic Access Policies w Advanced Edi ii inet Easy VPN Remote
5. Accept Pwd chang Inactive Attribute mg Admin DN en administrator cn users DC Nor Inactive value Password dos esee Disable OTP Attribute T Test LDAP Connection Disable OTP Value rmm Search Settings Search Base DN Search Scope SUB Nr of Connections 5 Search Filter Start dor Sero fees ance JtabjeckclasszinetorgPerson Test LDAP Authentication Onetime Password Prefetch Pin cade Enable OTP Prefetch Enable Pin Cade Configure Prefetch OTP Gonhigure Pin Gode Advanced options External Databasehandler OK Cancel www nordicedge se Copyright 2008 Nordic Edge AB Page 25 of 49 d Installation Guide nordic edge Select a Base Dn where your users are New User Database H X Database Display Mame Database Type LDAP _ _ BaseDN Database is fc Ea LDAP ICBC Database Directory Services Browser 73 Directory Services Multiple Mamingcontexks DE DC Foresktbnszones DC nordicedge Dc lacal DLC Dc DpamainDnszones DC nardicedge Dc lacal DLC ChssGchema CW Configuration OC nordicedge OC local pt Pd change DCH CN Contiguration OC nordicedge OC local 2 DC2nordicedge DC lacal EHE CN Builtin bC nordicedge DC local EHE CN ForeignsecurityPrincipals OC nordicedge OC local E O CH Program Data DC nordicedge DC local H j CN System D nordicedge OC local Not 3 153 Ch Users De nardicedge Deco Oc d e I OU Conf
6. EEN Hemnte control Terminal Services Profile COM Console Root Mame d Active Directory Sites and iz Domain Guests 7 Active Directory Users anc fT Domain Users Sec 5 EET saved Queries fT Enterprise A Sec E gl nordicedge local f Group Policy Sec General Address Account Profle Telephones Organization Telephone numbers Home H E Builtin Guest Use Sembee fT Helpservices Sec Eager Ge jdoe Use LJ Domain Controller E E FareignSecurityPri E E Internalllsers LJ MordicEdge f Nordic Edge Use ERAS and IAS Sec fT schema Admins Sec fT soLserverz0 i SBC fT sor serverz 4 Sec 50 serverzn vw SEC pu Fl asupport 38 Use IP phone Other es zm External Databasehandler OK Cancel www nordicedge se Copyright 2008 Nordic Edge AB Page 32 of 49 d Installation Guide nordic edge 9 Configuring ASA5500 for SSL VPN authentication with Nordic Edge One Time Password Server 9 1 Start ASA device manager 9 2 Browse to Configuration Remote Access VPN AAA Local Users AAA Server Groups and click Add S Cisco ASDM 6 1 for ASA 192 1 1 1 c fx Ee Ae Tools wizard GH UL ACC ui iL ER SOK FOP m SSG dee se on PES AL ENEE a I il I i ef T CG j P r po y I Help CISCO m dy Dynamic Access Policies A t3 AnwiConneck Customizatic pr Bap Address Assignment Server Group Acco
7. 2008 Nordic Edge AB Page 49 of 49
8. Adobe Reader 7 0 b j r rt FF F Identity eDirectory 8 8 i Microsoft Office Excel Viewer 2003 ut Microsoft Office Ward Viewer 2003 H ia nordic edge Ee LJ H XML Notepad 2007 g DbVisualizer OpenLDAP DbVisualizer 6 0 k k k Ld k Microsoft SQL Server 2005 tb Windows Update en NordicEdge 7 AAM3 Identity Manager f OTPServer HEJ OTP Configurator I programis j S T OTP Documentation un as AA Documents y 3 OTP Server LltraEdit 32 jj OTP TestTool 5 winzip x e Settings a Search b Send To k Cut Copy GA Help and Support Create Shortcut Delete Rename Windows Server 2003 Standard Edition Sort by Mame Properties Star i 8 IC VW hastisShared FalderslD www nordicedge se Copyright 2008 Nordic Edge AB Page 15 of 49 VE Installation Guide nordic edge 6 2 Server page On the Server page you can set the length of the one time password and for how long it should be valid Default is 5 minutes You can also set a default country prefix which means that you will not need to state it in the mobile attribute The One Time Password communicates with TCP protocol portnr 3100 Server Settings oo rr Mobile Mumbersz Portnr 3100 V Check Mobile Number Bind to This IPAddress v Al Default Country Prefix 46 Client Session Timeout lo millisecs Onetime Password Options O
9. MRE E Confirm Password Cerificate Authentication Name Send CA Certiticate Cham Erase User Password 11 Start testing 11 1 Enter your Userid and password as usual VPN Client User Authentication for atp nardicedeoe EN The server has requested the following information to complete the user authentication all Username ioe cisco ASNAN Password pem Ser 11 2 You will receive a one time password to your mobile phone within a couple of seconds www nordicedge se Copyright 2008 Nordic Edge AB Page 47 of 49 NE nordic edge Installation Guide C D Wu Ericsson One time password 217297 Send with Nordic Edge One Time Password Server 11 3 Enter your one time password and click on OK VPN Client User Authentication for otp nordicedge E Please enter your onetime password aleae eiseo Response 21 7296 www nordicedge se Copyright 2008 Nordic Edge AB Page 48 of 49 V d nordic edge Installation Guide 12 Purchase If you want to purchase the product you are more than welcome to contact us at sales nordicedge se and we will send you an offer Please note that the price will depend on number of users 13 Technical questions If you have any technical questions please contact us at support nordicedge se Thank you for showing interest in our product The Nordic Edge One Time Password Server Team www nordicedge se Copyright
10. Nordic Edge AB Page 9 of 49 Installation Guide nordic edge Where Would You Like to Install Program Files WordicEdge OTP Server Restore Default Folder Choose gt EElegclie Es e e Sie aera dre ned reden Her GE E ETE ETE Elter erit N EE Ietzll rpeadprtare zy Macroviziuri Cancel Previous YI MordicEdge OTP Server Version 2 Where would you like to create product icons C In a new Program Group MordicEdge OTF Server C In an existing Program Group Accessories sl Se ER Renee Fil C Inthe Start Menu C Windows Semte C On the Desktop Noire eltern SLANT i EH Other MenutProgramsiNordicEdgelO TPServer Choose ris ter ener ater C Dont create icons create Icons For All Users Eden LP TESTES sy TO ESTER D ER D Cancel Previous www nordicedge se Copyright 2008 Nordic Edge AB Page 10 of 49 VE Installation Guide nordic edge 5 2 Installing license Choose the license dat that you have received via e mail This is important since if you want to request a demo SMS account at Nordic Edge later in the installation you need to install the license at this moment E NordicEdge DTP Server Version Enter the path to the MordicEdge OTP Server license file licenise dat If vau da nat install the license file MardicEdge OTP Server will only run f r 10 minutes You can install the license file later by copying the license dat file to the lt otp installPath license
11. User Database Database Display Mame jap TEST Database Type Loar Database is for OTP Mobile Card users only LDAP di Database troup Host Settings Account Settings Host Address 192 168 0 201 OTP Attribute mobile D Portnumber e36 jv SSL TLS Login Retries Accept Pwd chang i 7 Inactive Attribute d i Admin DN cn administrator cn users DC Nor Inactive value Password esee Disable OTF Attribute Test LDAP Connection Disable OTP Value Search Base DN Search Scope SLIE Search Filter Start amp fcn Samples Search Filter End Wobjectclass inetorgpersony Samples Test LDAP Authentication Onetime Password Prefetch HK Pin cade Enable OTP Prefetch Enable Pin Code zonftiqure Prefetch GTF Gontigure Pin Gode Advanced options IT External Databasehandler www nordicedge se Copyright 2008 Nordic Edge AB Page 24 of 49 VE Installation Guide nordic edge 6 7 2 Selecting Search Base DN Click on the box for selecting Search Base DN New User Database E X Database Display Mame Database Type Loar Database is for OTP Mobile Card users only LDAP JE Database Group Host Settings Account Settings Host Address 192 168 0 201 OTP Attribute mobile II Portnumber 536 v 55L WE Login Retries
12. directory Mindo SERTE Gloden sieele ree siete einet rsen Hore pos eten enn en EST Irisitalleryesriere sey macrerisier Enter the path to the MordicEdge OTP Server license file license dat If vou do not install the license file NordicEdge OTP Server will only run for 10 minutes You can install the license file later by copying the license dat file to the lt otp installPath license directory KO VI WESETIDE SENGT GE License File c 9 Rresnetallation sudda 7 1 251 meta i Choose a File My Recent Documents 6 Desktop My Documents www nordicedge se Copyright 2008 Nordic Edge AB Page 11 of 49 VE Installation Guide nordic edge X NordicEdge OTP Server Yersion 27 Would you like to install MardicEdge OTP Server as a windows service Elie sela su Sera pireclrsitllsitier s FFIFTISIES Tren HET Inst saraa Iristeillesriysvriera oy W crmdzlon Note if you are in a test phase we recommend that you do not install the OTP Server as a Windows Service www nordicedge se Copyright 2008 Nordic Edge AB Page 12 of 49 Installation Guide nordic edge iJ NordicEdge OTP Server Version 2 Would vau like to request a demo SMS account at NordicEdge A demo SMS account will he valid for 30 days or a 100 SMS Far prices and more information contact NordicEdge Mail salesim nordicedge se Phone 46 8 6431674 Web httpwww nordicedge se L9 Tre Trete E EIE RESET
13. mb AAA Local Users Method AA LOCAL Ti raf et A E NW eg TI d Device Management m App Configuration changes saved successful T BN TG 2008 11 21 11 00 53 KS 9 6 2 Specify Connection Profile Name 9 6 3 Specify AAA Server Group OTPserver www nordicedge se Copyright 2008 Nordic Edge AB Page 38 of 49 VE Installation Guide nordic edge www nordicedge se Copyright 2008 Nordic Edge AB Page 39 of 49 M d nordic edge Installation Guide 9 6 4 Edit Connection Profile Clientless SSL VPN Settings 9 6 5 Add Alias if user should be able to select authentication method by drop down list Add Clientless SSL YPN Connection Profile Basic Portal Page Customization DfitCustomization v 2 Advanced General Enable the display of Radius Reject Message on the login screen when authentication is rejected Authentication Authorization Accounting MetBIOS Servers mechentiess 55L VPN Enable the display of SecurId messages on the login screen Alias SMS password Enabled L Group URLs dh Add f Delete URL www nordicedge se Copyright 2008 Nordic Edge AB Page 40 of 49 M d nordic edge Installation Guide 9 6 6 Edit Connection Profile Clientless SSL VPN Settings 9 6 7 Add Group URL if user should be able to select authentication by specifying URL S Add Clientless SSL YPN
14. y 2008 11 21 10 46 33 UTC Page 34 of 49 VE Installation Guide nordic edge 9 4 Add new radius server to the RADIUS group SG Cisco ASDM 6 1 for ASA 192 1 1 1 fe fme lt cisco ote Access VPN n 8 x Hy Dynamic Access Policies a H ta BrvyConneck Custom abic a Address Assignment Server Group l Advanced f Chentless SSL VPN Access ia Connection Profiles Bg Portal Bookmarks ta Chent Server Plug ins Customization 7 Help Customization b Port Forwarding Smart Tunnels D Web Contents Wi Group Policies Dynamic Access Policies ta Advanced a Easy VPN Remote AAAI oc Llsers BAJA Server Grogps LDAP Attribute Map fil Local Users AA Secure Desktop Manager DO Certificate Management AAA Server Groups Interf ace EJ E 2008 11 21 10 52 13 UTC 9 5 Configure Radius Server Interface name IP address to OTPserver and the pre shared key between the One Time Password server and Cisco ASA5500 Ensure you use the same radius ports in both OTPserver ASA5500 www nordicedge se Copyright 2008 Nordic Edge AB Page 35 of 49 V d Installation Guide nordic edge f Cisco ASOM 6 1 for ASA 192 1 1 1 B E F rtal D i Bookmarks f Customization SS Add AAA Server Server Group OTPserver Interface Mame management Server Name or IP Address 10 1 200 23 Tirneout RADILIS Parameters Server Authentication Port 1645 Server Accounting Port Retry Interva
15. 08 Nordic Edge AB Page 18 of 49 VE Installation Guide nordic edge 6 4 Nordic Edge SMS Page Look at the Nordic Edge SMS Page If you installed the license dat during the installation and checked the box Request a demo SMS account at Nordic Edge an account should now be preconfigured for yOu P NordicEdge OTPServer Configurator i al xl Server Radius amp Clients Misc Plugin manager MardicEdge SMS Alerts Extended HTTP SMTP Instant Messa HordicEdge SMS Gateway Options General Settings Username MordicEdgesMSGatewayaut Password E Flash SMS Iv Message Proxy Enable HTTP Proxy Server Disable PF SMS Status W Username in accountingfile Configuration amp Status Test Update Config Debug Save Cancel hk nordic edge Copyright Hordic Edge AB 2002 2008 www nordicedge se Copyright 2008 Nordic Edge AB Page 19 of 49 VE Installation Guide nordic edge 6 5 Radius amp Client page For configuring One Time Passwords Server to act as radius server go to the Radius amp Client page A NordicEdge OTPServer Configurator E gt Server Radius amp Clients Misc Plugin manager MordicEdge sms Alerts Extended HTTP SMTP Instant Messa Clients Radius amp Native Client Mame IP User Database Challenge Guth Server Add Client Edit Client Delete Client Global Options v Prevent SQL Injection At
16. Connection Profile Basic Portal Page Customization DfitCustomization v Advanced General Enable the display of Radius Reject Message on the login screen when authentication is rejected Authentication Authorization Accounting NetBIOS Servers Connection Aliases fc entless SSL VPN d Add Di Delete Enable the display of SecurId messages on the login screen Alias Enabled SS Add Group URL URL Ihttp 192 1 1 1 sms Enabled 9 E x Cem re 9 6 8 If user should be allowed to select authentication method by drop down list 9 6 9 select this item www nordicedge se Copyright 2008 Nordic Edge AB Page 41 of 49 VE Installation Guide nordic edge f Cisco ASDM 6 1 for ASA 192 1 1 1 S alea cisco niim panne Lanfigur ge Access Interfaces Te d Enable interfaces for clenkess SSL VPN access and indicate whether to require a certificate for access ib IPsec Connection Profiles Ni Group Policies i Dynamic Access Policies AnyConnecr Customeabic i Be Address Assignment i 8 GA Advanced E f Clientless 55L VPN Access ER Connection Profiles ENK Portal D l Bookmarks ta Chent Server Plug ins Login Page Setting FE Customization 2 H k user to sele Help Customization Port Forwarding Alle Smart Tunnels D Web Contents Connection Profiles Group Policies Connection profile tunnel group specifies how
17. EST oy install M mb sm E ms mm dei TASEI Somna Irnistall meenara sv Macrodzlon Cancel Previous YI NordicEdge OTP Server Version 2 Please Rewew the Following Before Continuing Product Name MardicEdge OTP server Install Folder CAPragram Files NordicEdgexoT PServer Shortcut Folder retala C Documents and SettingsiAdministratornStart sisllb eure MenukPragramsxNardicEdgexo TPServer Install as Windows Services ND License File Irt errore oy wlecrovisior Cancel Previous www nordicedge se Copyright 2008 Nordic Edge AB Page 13 of 49 Installation Guide nordic edge X NordicEdge OTP Server Version 2 Me One Time Password ai Ca uL Merai OG ELE nordic edge Installing Java Runtime Environment Iristarllerresmere oy tlacrovision Cancel BEO O O O Eongratulations MardicEdge OTP Server has been successfully installed bo C Program Files NordicEdge OTPServer Press Done to quit the installer Irisiter lerra oy pulercrerzi sie Cancel Previous www nordicedge se Copyright 2008 Nordic Edge AB Page 14 of 49 d Installation Guide nordic edge 6 Configuring the One Time Password Server 6 1 Start the OTP Configuration Start the OTP Configurator by clicking on Programs NordicEdge OTP Configurator kW Temp Siemens Dirx 6 Administrative Tools NordicEdge Identity Manager K OpenOffice org 2 3 hif CJ a UltraEdit x MordicEdge Novell a
18. Edge AB Augustendalsvagen 62 131 27 Nacka Strand Sweden Tel 46 8 643 16 74 info nordicedge se http www nordicedge se registrering shtml lt ca a x 538 amp 2 Mest bes kta I Exdemo Senaste nytt NE Salesforce Gi Support Portal Subban Identity Manager Qbranch log d 3 NordicEdge Salesforce nordic edge BE ru J Download m www nordicedge se Copyright 2008 Nordic Edge AB Page 6 of 49 VE Installation Guide nordic edge Nordic Edge Identity management and strong authentication Mozilla Firefox e RES Arkiv Redigera Visa Historik Bokm rken Verktyg Hj lp m SS e x A va http www nordicedge se registrering shtml LW d Cl Google P NE nordic edge VE P nordic edge ome Products References Partners Events News Contact Us Download Demo Support Software Evaluation Registration Form Please fill in this form to get an evaluation of our software On submit a mail will be sent to the registered address with information on how to download the software Upon download of the software a 30 day evaluation license will also be sent to your mail address First name Last name Company Mail Phone no Select software Identity Manager OTP Server Automatic Account Manager Secure FTP server You will receive a link for downloading the software A 30 days evaluation license will be sent via e mail wh
19. Installation Guide Strong authentication for Cisco ASA 5500 Clientless SSL VPN and Cisco VPN Client Solutions with VE nordic edge One Time Password Server The complete installation guide for securing the authentication to your Cisco ASA 5500 solution with Nordic Edge One Time Password Server delivering two factor authentication via SMS to your mobile phone For both clientless SSL VPN and Cisco VPN Client Strong Authentication for Cisco ASA 5500 Solutions with Nordic Edge One Time Password Server Page 1 of 49 VE Installation Guide nordic edge Content 1 SUMMARY EE 4 2 PREREQUISITES E 4 3 IMPORTANT INFORMATION REGARDING COMMUNICATION eee eren 4 4 GETTING STARTED cirmi anana hien n UNA NS dRI OEE EE EUN LE Eo UMESEUD MISSE 5 4 1 1 1 Download the software egene ENEE EA oaa RAR RR RAR du Ead 5 4 2 Register and download the SOftW2arC sssssssssssssrsrsssrrrnrrrrnnrrrrnrrr nn ARR RAKA RR RAR RAR ARR RAR KKR RAR nnn 6 9 INSTALLERA TIO WE 9 5 1 Start the installation sssssss ssssssssssss srrnnsrnnn ann nn RnR ARR DRAKAR ARR R KR d iua RR RR seca Ba dw ARR RR ARR RR RAR 9 5 2 Installing WU 11 6 CONFIGURING THE ONE TIME PASSWORD SERVER sssssssssrrssssnnnnsnnnnnsnnnnannnnnnnnnnnrnnnn rr nn rn nn nn nen 15 6 1 Silbe dent deed UTC Te TEE 15 6 2 gd DOO E 16 6 3 PIQUA manager DAG E 17 6 3 1 Nordic Edge SMS PUG IA BEE 18 6 4 Nordic Edge SMS P 40 LE 19 6 5 Radius amp e Te MT
20. MordicEdge AB 2002 2003 www nordicedge se Copyright 2008 Nordic Edge AB Page 17 of 49 d Installation Guide nordic edge 6 3 1 Nordic Edge SMS Plugin Move the Plugin Nordic Edge SMS to the top of the plugins Ps NordicEdge OTPServer Configurator nm gt Server Radius amp Clients Misc Plugin manager NordicEdge SMS Alerts Extended HTTP SMTP Instant Messa Installed Plugins MordicEdge SMS MordicEdge 5M5 Gateway Plugin c NordicE E Iv Alerts Mert Configuration Version 1 0 M OTP Moble TP Mobile Configuration version 1 0 M Thinline Cend ThinLinc Plugin Version 1 1 c Di Dn External OATH Extemal ATHConfigurationversiom EI E ExtendedHTTP ExtendedHTIP Sender Version 1 0 2 N E sISI T TT am OT through sme E E Instant Messaging WardcEdgeMub Chatplugn c NordcEdgs E UPFie UcPFlesendng Versoni2 NadkEd E SMPP NardcdgesMPPplugnicNoricEdgezon E CMG iMDZsendeVemoni NorkEdgez0n si Netsize BendOPHroghNeste O EI E nm Sed itixagbn EI E XI I I I 1 Mone sending plugins in red D Diels Save and refresh Move Down Save Cancel e nordic edge Copyright Hordic Edge AB 2002 2008 www nordicedge se Copyright 20
21. Partners Events News ContactUs Welcome to Nordic Edge Nordic Edge is one of the leading companies within IAM solutions Identity and Access Management The company was established in 2002 and has since delivered solutions to about a hundred larger companies and organizations Among our customers are the Swedish Social Insurance Office SAAB Ericsson the City of Stockholm EniAgip Italy and the Swiss Government A total of more than 2 million identities are administered with Nordic Edge products Nordic Edge is a specialist within secure identity management both regarding access authorization and user administration Our customer offer consists of a number of our own unique platform independent products and qualified services Nordic Edge products in a few words One Time Password Server Secure login with one time passwords via SMS to your cell phone Identity Manager The tool for delegated user administration Automatic Account Manager Enables automatic processes amp reporting regarding user information Certificate Services Secure login with e identification and X 509 certificates Secure FTP Server Secure file transfers Nordic Edge Automatic Account Manager leverages the rules and policies decided on within a company regarding the handling of user account to a set of automated actions mu R x I Googie Demo Support News 2nd July 2008 Nordic Edge One Time Password with Blue Coat ProxySG 12
22. Pin cade Gonhigure Prefetch OTF Adwanced options External Databasehandler OK Cancel www nordicedge se Copyright 2008 Nordic Edge AB Page 28 of 49 VE Installation Guide nordic edge New User Database E X Database Display Mame Database Type Loar we Database is for OTP Mobile Card users only LDAP JIVEE Database Group Host Settings Account Settings Host Address 192 168 0 201 OTF Attribute mobile Portnumber ess v SSL TLS Login Retries Accept Pwd change Inactive Attribute ga Admin OM cn administrator cn users DC Nor Inactive Value Password sesso spenkeeae Disable OTP Attribute FO m Test LDAP Connection Disable OTP Value pr Not Search Settings Search Base DN CN LIsers DC nardicedge DC lacal Bn Search Scope SUB Mr of Connections Search Filter Start 2 samAccountName Search Filter End Mobjectclass user Samples Onetime Password Prefetch Enable OTP Prefetch Enable Pin Code Configure Prefetch GTP Coptigore Pin Gode Pin code Advanced options External Databasehandler OK Cancel
23. TP Lenght e characters Regenerate Timeout fio secs OTP Valid Time E minutes OTP Composition Digits Client Settings M All Clients are Allowed Allow remote configuration Allowed Clients Encryption THttttt S M ST TPBsd 8 Options Ce Mo encryption Jw Enable Monitor Encryption if Client does encryption h Debug C Always Encryption Use Secure Random Save Cancel nordic edge Copyright Nordic Edge AB 2002 2008 www nordicedge se Copyright 2008 Nordic Edge AB Page 16 of 49 VE Installation Guide nordic edge 6 3 Plugin manager page On the Plugin manager page you can configure all methods and in which order you want to use them In this case we will be using Nordic Edge SMS gateway to deliver the one time password via SMS to your mobile phone P NordicEdge OTPServer Configurator LOL Server Radius amp Clients Misc paar manager Alerts MordicEdge sms Extended HTTP SMTP Instant Messa Installed Plugins Alerts Bert Configuration Version 1 0 E OTP nk OTP Mobile Configuration version 1 0 v E ThinLinc Cendio ThinLinc Plugin Version 1 1 c Di n Enternal OATH Enternal OATH Configuration version E d x x WW Wa bebe BedOTPWwuhNesm JE E HR BedomWwuhHrR E FR xl x Hone sending plugins in red Move Up m SEMIS Save and refresh Move Down Save Cancel nordic edge Copyright
24. au through the installation af NardicEdge OTP Server Lots ete Ter DET Itis strongly recommended that vou quit all programs before D Choose Shoricubkoier continuing with this installation ETT tell L l Click the Hext button to proceed to the next screen If vau want to pa Ss Zare 3 i i change something an a previous screen click the Previous button Fe 0 e e mi pu er Ciz tenir Fretnetallation Sunnan You may cancel this installation at any time by clicking the Cancel M button rri ten HEEL JI E risit b Garrats Installation and Use of NordicEdge OTP Server Requires Acceptance of the Following License Agreement NORDIC EDGE SOFTWARE LICENSE AND MAINTENANCE TERMS AND CONDITIONS T erret Polder O chocee TTE SGT BET C9 Select apila EY CLICKING ON THE YES BUTTON OR OPENING THE CO Windows Service ACCOMPANYING SOFTWARE PACKAGE YOU ARE CONSENTING TO BE BOUND BY THIS AGREEMENT IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT CLICK THE NO BUTTON AND THE Ell INSTALLATION PROCESS WILL NOT CONTINUE AND RETURN sel Sonina THE SOFTWARE PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND OF ANY LICENSE FEES PAID FSE Antie f accept the terms of the License Agreement C da NOT accept the term of the License Agreement Irrstallesriyovriere oy nlacravisiori www nordicedge se Copyright 2008
25. ct Shared Secret O x Server Radius amp Clients Misc Plugin manager NordicEdge SMS Prefetch Detection External GATH Instant M 4 Native or Radius Client X Jv Enable Radius Radius Settings Mew Client A NordicEdge OTPServer Configurator Portnr Client Display name cisco 5500 ASA Bind to This IPAddress Client IPAddress fisz 1 1 1 v Is RADIUS Shared Secret essen Client Name TP p Uses Challenge Response r Clients Radius amp Native Response Message Please enter your onetime password ae Add Clie User Databases Global Options User Database h Prevent SQL Injection jw Prevent LDAP Injection Mew Edit Delete OK Options Cancel Se nordic edge Copyright Nordic Edge AB 2002 2008 In the category User Database s click New www nordicedge se Copyright 2008 Nordic Edge AB Page 22 of 49 M d nordic edge Installation Guide a poe zuo amber d TO 6 7 Configure LDAP Enter a Database Display Name and the host address for your LDAP user database In this case we are using Microsoft Active Directory with SSL and the users mobile attribute for sending one time passwords 6 7 1 Test LDAP Connection Click on Test LDAP Connection and make sure that you get an LDAP Connection Success www nordicedge se Copyright 2008 Nordic Edge AB Page 23 of 49 NE Installation Guide nordic edge New
26. ctive Directory membership PC health status antivirus hotfix etc and authentication method www nordicedge se Copyright 2008 Nordic Edge AB Page 44 of 49 M d nordic edge Installation Guide I Mozilla Firefox Arkiv Redigera visa Historik Bokm rken Verktyg Hj lp A X Cc im E T https f 192 1 1 1 CSCOE portal html WAR IIGI c n e LA Mest bes kta C Customize Links 3 Free Hotmail windows Marketplace A windows Media FEC Windows Mozilla Firef S 7 CSCO 15 2 Q Mozilla Firef 1 Felvidsidh amp Mozilla Firef amp Mozilla Firef 2 Mozilla Firef ds IT Security s amp Mozilla Firef htt tml e ulli eet VPN Service cisco EE aen nor sl eh Web Applications Web Bookmarks e Browse Networks JA catweb Klar 192 1 1 1 10 Configuring ASA5500 for Cisco VPN Client authentication with Nordic Edge OTP Server 10 1 Add a new or Edit an existing Cisco VPN Client Connection Profile to use the OTPserver www nordicedge se Copyright 2008 Nordic Edge AB Page 45 of 49 VE Installation Guide nordic edge ES Cisco ASDM 6 1 for ASA 192 1 1 1 FER et bna cisco re a Zhang bum a AR ams RER a hinkarna t ZK Nm Sg arn F Cii blan eal ia Configuration gt Remote Access VPN gt Network Client Access gt IPsec Connection Profiles E Any mert Connection P MIPsac Connection Profiles Ri Group Policies Ad
27. e installation from A to Z It is based on the scenario that you are running your Cisco 5500 solution against Active Directory and that you install the One Time Password Server on a Windows Server The One Time Password Server is platform independent and works with all other LDAP user databases like eDirectory Sun One Open LDAP etc If you are not running Active Directory or Windows and if you have any questions regarding the slight differences in the installation process you are most welcome to contact us at support nordicedge se and we will take you through the entire process 2 Prerequisites You will need to have a server available for example a VMware virtual machine with Windows Server 2003 installed with Ethernet in bridge mode The server needs to have an ip address configured and must also be able to reach your DNS servers your Cisco 5500 ASA solution and the Active Directory Since the software is quite small and easy to remove you can also use any existing server in your network 3 Important information regarding communication The One Time Password Server is a software that you can place on any server in your internal network or DMZ The One Time Password Server needs to be able to communicate Outbound traffic with your LDAP or JDBC User Database Default port for LDAP and Secure LDAP is TCP port 389 636 The Integration Module needs to be able to communicate Outbound traffic with the One Time Password Server on TCP p
28. en you download the software Download the version with JAVA included www nordicedge se Copyright 2008 Nordic Edge AB Page 7 of 49 V d nordic edge Installation Guide B NordicEdge OTP Server Version 2 0 May 2008 Mozilla Firefox i 0 lt si H Arkiv Redigera Visa Historik Bokm rken Verktyg Hj lp Le LEI e X Cl Google Gre x oC nord Home About Us Products References Partners Events New Contact Us Download Nordic Edge One Time Password Server Download for release 2 0 May 2008 Documentation Nordic Edge One Time Password Server Administration Guide Downloads Platform With Java Without Java Windows Download 38 3M Download 11 9M Mac OS X Download 11 1M AIX Solaris Download 12 5M Download 12 5M Linux Download 67 2M HP UX Download 12 5M Download 13 1M Download 11 7M File Download bk RS Download Complete otp2setup exe from www nordicedge se Downloaded 38 2MB in 31 sec Download to E Download otpsetup exe Transfer rate 1 23MB 5Sec F Close this dialog box when download completes www nordicedge se Copyright 2008 Nordic Edge AB Support Page 8 of 49 VE Installation Guide nordic edge 5 Installation 5 1 Start the installation Start the installation on the server where you want to install the One Time Password Server LI lnstallAnywwhere will quide v
29. erver Start the One Time Password by going to Program folder NordicEdge OTPServer and klick on OTP Server Temp Sun Directory b Server 5 2 NT S nordic edge MordicEdge Siemens Dirx 6 Open Windows Update Run as i UltraEdit 32 Cal winzip k Zeen 1 at Administrative Tools NordicEdge Identity Manager Send To a Documents Bu ice 3 k ER E SE 23 Cut Adobe Reader 7 0 Lis Settings b d Copy ER Microsoft Office Excel viewer 2003 pco TU RT Create Shortcut gt Search b MicrosorE cO Xe ord Viewer 2003 Delete XML Notepad 2007 Rename k k k k k Beten EEE DbVisualizer 6 0 TF om IE Microsoft SQL Server 2005 NN fan MordicEdge o Shut Down OTP Configurator OTP Documentation AAMS3 OTP Server MEINE CH OTP TestTool Sort by Mame Properties Identity Manager 1 Windows Server 2003 Standard Edition www nordicedge se Copyright 2008 Nordic Edge AB Page 31 of 49 VE Installation Guide nordic edge 8 Add mobile phone number with Microsoft Management Console Add mobile phone number to your test users mobile phone attribute Start MMC and select the user that you want to use for testing and enter the mobile phone number in the Mobile attribute im Console1 z B x File Action Wiew Favorites Window Help e IER exe Ee o o da mp Eu m Console Boot Active Directory Users and Comp Hamisi 1i ZS SEENEN
30. ig 0C nordicedge C local Search Base ON E I OU Domain Controllers OC nordicedge DC local AES OU Internallsers OC nordicedge DC local Search Scope AES OU NordicEdge OC nordicedge OC local E eM CM Computers DC nordicedge DC local Z CM Infraskruckure DC nardicedge Dc lacal sera nem mp 2 CN Lost4ndFound OC nordicedge OC local i CN NTDS Quotas DC nordicedge DC local Host Address m Portnumber m Admin DM ep Password jr EE d Search Filter Start Samples Onetim Enable OTP Pref Config Advanced options Ok Cancel External Databaset OK Cancel www nordicedge se Copyright 2008 Nordic Edge AB Page 26 of 49 VE Installation Guide nordic edge 6 7 3 Select Search filter Click on samples and select the right filter for your LDAP User database in this case Active Directory New User Database X Database Display Mame Database Type Loar Database is for OTP Mobile Card users only LDAP Ene Database Group Host Settings Account Settings Host Address 192 168 0 201 OTP Atkribute mobile De Fortnumber ae LW 55L TL5 Login Retries Accept Pwd chang Inactive Attribute E Admin DN en administrator cn users DC Nor Inactive value Password seals desse Disable OTP Attribute FO a Test LDAP Connection Disable OTP Value Ir No
31. is for certain users only 37 9 6 1 Browse to Configuration Remote Access Clientless SSL VPN Access Connection Profiles ziaekelie ele E 37 9 6 2 Specify Connection Profile Name 38 9 6 3 Specify AAA Server Group OTPserverf nennen nnn nnn nnns 38 9 6 4 Edit Connection Profile Clientless SSL VPN Settings cccccccssseseeceeeeeeeeeeeeeeeeeeeeeeeas 40 9 6 5 Add Alias if user should be able to select authentication method by drop down list 40 9 6 6 Edit Connection Profile Clientless SSL VPN Settings esee 41 9 6 7 Add Group URL if user should be able to select authentication by specifying URL 41 9 6 8 If user should be allowed to select authentication method by drop down list 41 9 6 9 re Tea cA DSTI nes oNNON ENS INSSNSNNNNRSNNN SNSSRONE 41 10 CONFIGURING ASA5500 FOR CISCO VPN CLIENT AUTHENTICATION WITH NORDIC EDGE OTP SERVER f M 45 10 1 Add anew or Edit an existing Cisco VPN Client Connection Profile to use the JTF SOVET oona E ence cise cyaen nese men caneeessqnacusecascenmencsmencmntgceuuencuasuus ceceeusreussumaveutccecaceseavenuce 45 10 2 At the Cisco VPN Client create an entry with correct name and password 46 Name must match the connection profile name at previous side 46 Password must match the pre shared key in ASA5500
32. l 10 seconds Server Secret Key Common Password ACL Netmask Convert Standard D SDI Messages Message Table f 2009 11 21 10 52 13 UTC You have now configured a group OTPserver and defined a Radius Server in this group This group can now be used as an authentication method www nordicedge se Copyright 2008 Nordic Edge AB Page 36 of 49 VE Installation Guide nordic edge F amp Cisco ASDM 6 1 for ASA 192 1 1 1 Sle File View Tools Wizards Window Help Look For lte cisco 444 Server Groups x amp Address Assignment Server Group Protocol Accounting Mode Reactivation Mode Dead Time Max Failed Attempts GE Advanced LOCAL LOCAL iG clentess SSL VPN Access OTPserver cimi Connection Profiles c E Portal E Bookmarks B ta Client Server Plug ins TE Customization f Help Customization Port Forwarding Smart Tunnels A ta Web Contents Ri Group Policies 1 a Dynamic Access Policies lt ill gt FR Advanced y E Easy VPN Remote Servers in the Selected Group gi 444 Local Users ior og TPP Server Name or IP Address Interface Timeout e ow fe LDAP Attribute Map 10 1 200 23 j i fil Local Users ER D Secure Desktop Manager B GH Certificate Management lt lil Move Up Device Setup Move Down E Firewall Test Site to Site VPN I Device Management Configuration changes saved successfully Fx 2008 11 21 10 57 23 LITC
33. ort 3100 Or Radius with UDP port 1812 or 1645 Outbound traffic f you want to use the Nordic Edge SMS Gateway the One Time Password Server needs to be able to communicate Outbound traffic with otp nordicedge net and otp nordicedge se with HTTPS on TCP port 443 In this test scenario you will want to communicate with RADIUS port 1812 or 1645 and use our Nordic Edge SMS Gateway www nordicedge se Copyright 2008 Nordic Edge AB Page 4 of 49 V d nordic edge Installation Guide nwa NS ug u Mord ipe SES gei me fe Cw P amar Pare ord emet reckt Zap M CELO ee He aln a s ap ho d aia ret and o7 a V LDAP or OBC Uver moon ail F Database x er d Cisco ASA 5500 Cut baerd trey with OTF Feetai d es Fart 1100 ee RADUT on Port 1812 ar 1445 Oe Die Deana Series Application with native RADIUS support or integrated with OTP client API 4 Getting started 4 1 1 1 Download the software Go to www nordicedge se and click on Download www nordicedge se Copyright 2008 Nordic Edge AB Page 5 of 49 M d nordic edge Installation Guide r me E Nordic Edge Identity management and strong authentication Mozilla Firefox Arkiv Redigera Visa Historik Bokm rken Verktyg Hj lp Sia E Mest bes kta TI Exdemo Aj Senaste nytt NE Salesforce Support Portal Subban d 2 Identity Manager Qbranch log i3 NordicEdge X Salesforce dy 03 http www nordicedge se u Home AboutUs Products References
34. t Search Settings Search Base DN CN Lsers DiC nardicedge Dc lacal Search Scope SUB Mr of Connections E Search Filter Start amp cn ES Fler Er Wobjectclass inetOrgPerson Test LDAP Authentication Onetime Password Prefetch Pin Code Enable OTF Prefetch Enable Pin Code Configure Prefetch GTP Configure Pin code Advanced options External Databasehandler Ok Cancel www nordicedge se Copyright 2008 Nordic Edge AB Page 27 of 49 NE Installation Guide nordic edge New User Database Database Display Name Database Type Loar Database is for OTP Mobile Card users only LDAP IBS ababase troup Host Settings Account Settings Host Address IES 158 0 201 OTP Attribute mobile I Portnumber ee SECH BH Login Retries Accept Pwd change Inactive Attribute T Admin DN cn administrator cn users DC Nor Inactive value Password Guu Disable OTP Attribute S est LDAP ess Search Examples i ES Not Select Search Example eh SSS Search Base DN Oe K Standard LDAP Les SE Standard LDAP 5 SUB Novell eDirectory NOS Search Filter Start dor Microsoft Active Directory Samples Wobjectclass inetOrgPersony Samples Test LDAP Authentication Onetime Password Prefetch mm Pin code Enable OTP Prefetch Enable Pin Code Search Filter End Contiqure
35. tacks LDAP idle reconnect es minutes fv Prevent LDAP Injection Attacks LDAP Follow referrals EI Save Cancel V nordic edge Copyright Hordic Edge AB 2002 2008 www nordicedge se Copyright 2008 Nordic Edge AB Page 20 of 49 VE Installation Guide nordic edge 6 5 1 Enable Radius Enable Radius and choose one of the radius ports 1645 or 1812 that you want to use Make sure that the client Cisco 5500 ASA is using the same radius port P NordicEdge OTPServer Configurator nm x Server Radius amp Clients Misc Plugin manager MordicEdge sMs Alerts Extended HTTP SMTP Instant Messa hd Enable Radius Radiuz Settings Portnr 1645 Timeout lo millisecs Bind to This IPAddress 4 Al Debug Packets Clients Radius amp Native Client Mame IP User Database Challenge Guth Server Edit Client Delete Client Global Options Iw Prevent SQL Injection Attacks LDAP idle reconnect SES minutes vw Prevent LDAP Injection Attacks LDAP Follow referrals v Save Cancel nordic edge Copyright Nordic Edge AB 2002 2008 www nordicedge se Copyright 2008 Nordic Edge AB Page 21 of 49 VE Installation Guide nordic edge 6 6 Add client Click on Add Client and enter Client Display name and the ip address for the Cisco 5500 ASA Please note that you should not use the hostname here Make sure that Is RADIUS is checked and enter the corre
36. th June 2008 Nordic Edge is a supplier of certified software for BanklD e identification 7th May 2008 Nordic Edge One Time Password Server 2 0 released 29th April 2008 Gunnebo Troax protects IT assets with Nordic Edge s SMS based One Time Passwords 25th April 2008 Q Med keeps corporate network safe with SMS based One Time Passwords Success stories m SAAB SAAB significantly reduces their costs while maintaining good security with Mardin Eden Nna Tima Dassmmwmuard http www nordicedge se nerladdning shtml 4 2 Register and download the software EI Nordic Edge Identity management and strong authentication Mozilla Firefox Arkiv Redigera Visa Historik Bokm rken Verktyg Hj lp pe A NI _http www nordicedge se nerladdning shtml NE nordic edge D La WI Home AboutUs Products References Partners Events News Contact Us Downloads Evaluation software If you are interested in buying or to request an evaluation copy of any of our products please send a mail to sales Qnordicedge se Click here for online registration Click here to register One Time Password for Salesforce Data Sheets T One Time Password Sv Eng Polish Greg Password for Sv Eng Polish T Identity Manager Sv Eng Polish TZ Automatic Account Manager Sv Eng Polish T Certificate Services Sv Eng T7 Download all datasheets Sv Eng Polish Nordic
37. unting Mode Reactivation Mode Dead Time e E Advanced LOCA PEN WEEN AAA Server Groups 17 Customization S Help Customization b Port Forwarding n Smart Tunnels ta Web Contents NO Group Policies Dynamic Access Policies oy Easy VPN Remote Servers in the Selected Group Server Name or IP Address Interface DN Secure Desktop Manager 3 EH Certificate Management ca Ey fa 2008 11 21 10 46 33 UTC www nordicedge se Copyright 2008 Nordic Edge AB Page 33 of 49 V d Installation Guide nordic edge 9 3 Name Server Group OTPserver choose protocol RADIUS SS Cisco ASDM 6 1 for ASA 192 1 1 1 Be Dynamic Access Gt Bap Address Assignment E3 Advanced ffl Clientless 55L VPN Access EP Connection Profiles sw Partal ca Bookmarks ta Clent Server Plug ins fF Customization Help Customization Port Forwarding Smart Tunnels ta Web Contents Ri Group Policies Dynamic Access Policies ir He Advanced Servers in the Selected Group Server Name or IP Address DN Secure Desktop Manager E Certificate Management www nordicedge se SS Add AAA Server Group Server Group OTPserver Protocol RADIUS __ m Accounting Mode C Simultaneous Single Reactivation Mode Depletion O Timed Dead Time 10 minutes Max Failed Attempts 3 Enable interim accounting update T CT E E Copyright 2008 Nordic Edge AB lt cisco
38. user Is authenticated and other parameters p Dynamic Access Policies D Advanced bad 3f Edt D Delete Easy VPN Remote mh AAA Local Users ue led Aliases Authentication Method DNS Servers a AMA LOCAL 10 1 200 205 AAA LOCAL 10 1 200 205 AA ALOTPeerver 10 1 200 205 er ve UD ZU BEN y 2008 11 21 11 15 33 UTC www nordicedge se Copyright 2008 Nordic Edge AB Page 42 of 49 Nk Installation Guide nordic edge SSL VPN Service Mozilla Firefox Arkiv Redigera Visa Historik Bokm rken Verktyg Hj lp ECX A FO https 11192 1 1 1 CSCOE logon html de EBE LA Mest bes kta M Customize Links A Free Hotmail A windows Marketplace LJ Windows Media Windows Mozilla Firef we C5CO 15 2 amp Mozilla Firef Felvidsidh Mozilla Firef amp Mozilla Firef amp Mozilla Firef ill SSL VPN Service cisco Please enter your username and password GROUP SMS password v Klar 192 1 1 1 Q www nordicedge se Copyright 2008 Nordic Edge AB Page 43 of 49 M d nordic edge Installation Guide i it gp Se ee Se T as 1 is T EU ms E I F H xv Togi lbo nm Ik oe eme o RO I mI s Sa m I di rem bam FL orum rl o rm iL e GIAN b Sesba mg cen j ert po reoieba Dj pen tre Qs R ig Leg jo Res T mas jo um sm m du silacal s BEL VPN Garvice cisco Login successful the user will now get to his portal which can be customized depending on A
39. vanced i Dynamic Access Policies i B Any Connect Customizatioa ze De Address Assignment Pre shared Key Sii D Advanced IKE Peer Authentication fd Clentless 55L VPN Access Identity Certificate None ia Connection Profiles P Portal User Authentication Bookmarks ta Chent Server Plug ins 17 Customization T Help Customization Port Forwarding Server Group OTPserver et B Smart Tunnels Client Address Assignment D Web Contents DHCP Servers WI Group Policies ie Dynamic Access Policies Client Address Pools pool99 kl ta Advanced ios Easy VPN Remote m AAA Local Users Following Fields are attributed of the group policy selected above Enable IPsec protocol Enable L2TP over IPsec protocol e Nes P 3d EJ Hona 11 19 03 UTC 10 2 At the Cisco VPN Client create an entry with correct name and password e Name must match the connection profile name at previous slide e Password must match the pre shared key in ASA5500 Note This can be distributed via MSI installation www nordicedge se Copyright 2008 Nordic Edge AB Page 46 of 49 V d nordic edge Installation Guide VPN Client Properties for otp nordicedge Connection Entry otp nordicedge Besipin lc escription id CISCO Host 192 1 1 1 Authentication Backup Servers Dial Up e Group Authentication C Mutual Group Authentication Name See Re Password RRR

Cisco Systems NORDIC EDGE ASA 5500 User's Manual

Contents

Download Pdf Manuals

Related Search

Related Contents