Nordic Edge ASA 5500 Installation Manual

Strong authentication for Cisco ASA 5500 clientless SSL VPN and Cisco VPN Client solution

Installation Guide
Strong authentication for Cisco ASA 5500 Clientless SSL VPN and Cisco VPN Client Solutions with One Time Password Server

The complete installation guide for securing the authentication to your Cisco ASA 5500 solution with Nordic Edge One Time Password Server, delivering two-factor authentication via SMS to your mobile phone. For both clientless SSL VPN and Cisco VPN Client.
Strong Authentication for Cisco ASA 5500 Solutions with Nordic Edge One Time Password Server

Summary of Contents for Nordic Edge ASA 5500

  • Page 1 The complete installation guide for securing the authentication to your Cisco ASA 5500 solution with Nordic Edge One Time Password Server, delivering two-factor authentication via SMS to your mobile phone. For both clientless SSL VPN and Cisco VPN Client.
  • Page 2: Table Of Contents

    Installation Guide Content
    SUMMARY (page 4)
    PREREQUISITES (page 4)
    IMPORTANT INFORMATION REGARDING COMMUNICATION (page 4)
    GETTING STARTED (page 5)
    1.1 Download the software (page 5)
    Register and download the software (page 6)
    INSTALLATION (page 9)
    Start the installation (page 9)
    Installing license
  • Page 3
    CONFIGURING ASA5500 FOR CISCO VPN CLIENT AUTHENTICATION WITH NORDIC EDGE OTP SERVER (page 45)
    10.1 Add a new (or Edit an existing) Cisco VPN Client Connection Profile to use the OTPserver (page 45)
    10.2 At the Cisco VPN Client, create an entry with correct name and password (page 46)
    Name must match the connection profile name at previous slide.
  • Page 4: Summary

    Nordic Edge One Time Password Server, delivering two-factor authentication via SMS to your mobile phone. For both clientless SSL VPN and Cisco VPN Client. You will be able to test the product with your existing Cisco ASA 500 and LDAP user database, without making any changes that affect existing users.
  • Page 5: Getting Started

    4 Getting started
    4.1 1.1 Download the software
    Go to www.nordicedge.se and click on Download
    Page 5 of 49 www.nordicedge.se Copyright, 2008, Nordic Edge AB
  • Page 6: Register And Download The Software

    4.2 Register and download the software
  • Page 7 A 30-day evaluation license will be sent via e-mail when you download the software. You will receive a link for downloading the software. Download the version with Java included.
  • Page 9: Installation

    5 Installation
    5.1 Start the installation
    Start the installation on the server where you want to install the One Time Password Server.
  • Page 11: Installing License

    5.2 Installing license
    Choose the license.dat that you have received via e-mail. This is important: if you want to request a demo SMS account at Nordic Edge later in the installation, you need to install the license at this moment.
  • Page 12 Note: if you are in a test phase, we recommend that you do not install the OTP-Server as a Windows Service.
  • Page 15: Configuring The One Time Password Server

    6 Configuring the One Time Password Server
    6.1 Start the OTP Configuration
    Start the OTP Configurator by clicking on Programs / NordicEdge / OTP Configurator
  • Page 16: Server Page

    6.2 Server page
    On the Server page you can set the length of the one-time password and for how long it should be valid. Default is 5 minutes. You can also set a default country prefix, which means that you will not need to state it in the mobile attribute.
  • Page 17: Plugin Manager Page

    6.3 Plugin manager page
    On the Plugin manager page you can configure all methods and in which order you want to use them. In this case we will be using Nordic Edge SMS gateway to deliver the one-time password via SMS to your mobile phone.
  • Page 18: Nordic Edge Sms Plugin

    6.3.1 Nordic Edge SMS Plugin
    Move the Plugin Nordic Edge SMS to the top of the plugins.
  • Page 19: Nordic Edge Sms Page

    6.4 Nordic Edge SMS Page
    Look at the Nordic Edge SMS Page. If you installed the license.dat during the installation and checked the box "Request a demo SMS account at Nordic Edge", an account should now be preconfigured for you.
  • Page 20: Radius & Client Page

    6.5 Radius & Client page
    To configure the One Time Password Server to act as a RADIUS server, go to the Radius & Client page.
  • Page 21: Enable Radius

    6.5.1 Enable Radius
    Enable Radius and choose which of the RADIUS ports, 1645 or 1812, you want to use. Make sure that the client (Cisco 5500 ASA) is using the same RADIUS port.
  • Page 22: Add Client

    6.6 Add client
    Click on Add Client and enter the Client Display name and the IP address of the Cisco 5500 ASA. Please note that you should not use the hostname here. Make sure that “Is RADIUS” is checked and enter the correct Shared Secret.
  • Page 23: Configure Ldap

    6.7 Configure LDAP
    Enter a Database Display Name and the host address for your LDAP user database. In this case we are using Microsoft Active Directory with SSL and the users’ mobile attribute for sending one-time passwords.
    6.7.1 Test LDAP Connection
    Click on Test LDAP Connection and make sure that you get an LDAP Connection Success.
  • Page 25: Selecting Search Base Dn

    6.7.2 Selecting Search Base DN
    Click on the box for selecting Search Base DN:
  • Page 26 Select a Base DN where your users are.
  • Page 27: Select Search Filter

    6.7.3 Select Search filter
    Click on samples and select the right filter for your LDAP user database, in this case Active Directory.
  • Page 29: Test Ldap Authentication

    6.7.4 Test LDAP Authentication
    Click on Test LDAP Authentication and make sure you can authenticate.
  • Page 30 Exit the configurator by clicking OK twice and make sure to click on the Save button. End of step “Configuring the One Time Password Server”.
  • Page 31: Start The One Time Password Server

    7 Start the One Time Password Server
    Start the One Time Password Server by going to the Program folder, NordicEdge, OTPServer and clicking on OTP Server.
  • Page 32: Add Mobile Phone Number With Microsoft Management Console

    8 Add mobile phone number with Microsoft Management Console
    Add a mobile phone number to your test user's mobile phone attribute. Start MMC, select the user that you want to use for testing, and enter the mobile phone number in the Mobile attribute.
  • Page 33: Configuring Asa5500 For Ssl Vpn Authentication With Nordic Edge One Time Password Server

    9 Configuring ASA5500 for SSL VPN authentication with Nordic Edge One Time Password Server
    9.1 Start ASA device manager
    9.2 Browse to Configuration, Remote Access VPN, AAA/Local Users, AAA Server Groups and click Add.
  • Page 34: Name Server Group Otpserver, Choose Protocol Radius

    9.3 Name Server Group OTPserver, choose protocol RADIUS
  • Page 35: Add New Radius Server To The Radius Group

    9.4 Add new radius server to the RADIUS group
    9.5 Configure Radius Server: Interface name, IP address of the OTPserver and the pre-shared key between the One Time Password Server and the Cisco ASA5500. Ensure you use the same RADIUS ports on both the OTPserver and the ASA5500.
  • Page 36 You have now configured a group “OTPserver” and defined a Radius Server in this group. This group can now be used as an authentication method.
  • Page 37: Create A "Test" Connection Profile (In Case You Want To Test This For Certain Users Only)

    9.6 Create a “test” connection profile (in case you want to test this for certain users only).
    9.6.1 Browse to Configuration/Remote Access/Clientless SSL VPN Access/Connection Profiles and click Add
  • Page 38: Specify Connection Profile Name

    9.6.2 Specify Connection Profile Name
    9.6.3 Specify AAA Server Group = OTPserver
  • Page 40: Edit Connection Profile Clientless Ssl Vpn Settings

    9.6.4 Edit Connection Profile Clientless SSL VPN Settings
    9.6.5 Add Alias if the user should be able to select authentication method by drop-down list
  • Page 41: Edit Connection Profile Clientless Ssl Vpn Settings

    9.6.6 Edit Connection Profile Clientless SSL VPN Settings
    9.6.7 Add Group URL if the user should be able to select authentication by specifying URL
    9.6.8 If the user should be allowed to select authentication method by drop-down list,
    9.6.9 select this item.
  • Page 44 Login successful. The user will now get to his portal, which can be customized depending on Active Directory membership, PC health status (antivirus, hotfix etc.) and authentication method.
  • Page 45: Configuring Asa5500 For Cisco Vpn Client Authentication With Nordic Edge Otp Server

    10 Configuring ASA5500 for Cisco VPN Client authentication with Nordic Edge OTP Server
    10.1 Add a new (or edit an existing) Cisco VPN Client Connection Profile to use the OTPserver
  • Page 46: At The Cisco Vpn Client, Create An Entry With Correct Name And Password

    10.2 At the Cisco VPN Client, create an entry with correct name and password
    • Name must match the connection profile name at previous slide.
    • Password must match the pre-shared key in ASA5500. (Note: This can be distributed via MSI installation)
  • Page 47: Start Testing

    11 Start testing
    11.1 Enter your Userid and password as usual
    11.2 You will receive a one-time password to your mobile phone within a couple of seconds.
  • Page 48: Enter Your One Time Password And Click On "Ok"

    11.3 Enter your one-time password and click on “OK”.
  • Page 49: Purchase

    12 Purchase
    If you want to purchase the product, you are more than welcome to contact us at sales@nordicedge.se and we will send you an offer. Please note that the price will depend on the number of users.
    13 Technical questions
    If you have any technical questions, please contact us at support@nordicedge.se
    Thank you for showing interest in our product...

This manual is also suitable for:

One time password server
