Select Windows Microsoft Password is the PIN under PIN Management Launch the SecurEnvoy admin interface, by executing the Local Security ServerĪdministration link on the SecurEnvoy Security Server. SecurEnvoy supplies the second factor of authentication, which is the dynamic one time passcode (OTP) which is sent to the users mobile phone via SMS, email or use a Soft Token. This allows the users to only remember their Domain password. To help facilitate an easy to use environment, SecurEnvoy can utilise the existing LDAP Group to be the AA group that was configured earlier.Īpply all changes to make the configuration active.Ģ.0 Configuration of SecurEnvoy - PIN configuration Within the An圜onnect profile, change the AA server In this example the An圜onnect Connection profile was selected. Then select the existing profile you wish to change. Within the ASDM, navigate to the Remote Access VPN. Make sure that Microsoft CHAPv2 is unticked.ġ.2 Configuration of Cisco ASA VPN configuration Set port to 1812 (this is the default port of SecurEnvoy Radius) Navigate to AAA setup, go to AAA server and clickĮnter details for interface, IP address of SecurEnvoy (ASDM), select Configuration in top toolbar, navigate to AAA setup, go to AAA server Groups and clickĮnter name details and select the Radius protocol, Launch the Cisco Adaptive Security Device Manager The following table shows what token types are supported. NOTE: Add radius profiles for each Cisco ASA that requires Two-Factor Authentication. If firewalls are between the SecurEnvoy Security server, Active Directory servers, and the Routing and Remote Access server(s), additional open ports will be required. Securenvoy Security Server has been installed with the Radius service and has a suitable account that has read and write privileges to the Active Directory. It is assumed that the Cisco ASA has been installed and is authenticating VPN users with a username and password. 10 5.0 Troubleshooting RADIUS connection. 8 4.2 Configuration of OneSwipe(Optional). 5 3.0 Cisco An圜onnect VPN Client Configuration. 5 2.1 Configuration of SecurEnvoy - RADIUS configuration. 5 2.0 Configuration of SecurEnvoy - PIN configuration. 4 1.2 Configuration of Cisco ASA VPN configuration. Windows 2012 R2 Server IIS installed with SSL certificate (required for management and remote administration)Īctive Directory installed or connection to Active Directory via LDAP protocol.ġ.0 Prerequisites. The equipment used for the integration process is listed below:Ĭisco Adaptive Security Appliance Software Version 9.1(3)ĭevice Manager Version 7.1(4) Cisco Anyconnect Mobile Client 3 All notes within this integration guide refer to this type of SecurEnvoy utilises a web GUI for configuration, as does the Cisco ASA (ASDM). It provides a seemless login into the Windows Server environment by entering three SecurEnvoy Radius server where it carries out a Two-Factor authentication. This authentication request is passed via the Radius protocol to the Utilising the LDAP password as the PIN, allows the User to enter their UserID, Domain password and One Time Passcode received upon their SecurEnvoy Security Server can be configured in such a way that it can use theĮxisting LDAP password. The Authentication server is directly integrated with LDAP in real time. SecurAccess consists of two core elements: a Radius Server andĪuthentication server. It integrates directly into any LDAP server and negates the need for additional User Securityĭatabases. SecurAccess is designed as an easy to deploy and use technology. Two-Factor authentication is provided by the use of (your PIN and your Phone to (such as Cisco), without the complication of deploying hardware tokens or smartcards. SecurAccess provides two-factor, strong authentication for remote Access solutions This document describes how to integrate a Cisco ASA with SecurEnvoy two-factorĪuthentication solution called SecurAccess.Ĭisco ASA provides Secure Remote Access and Firewalling to the internal corporate Merlin House Brunel Road Theale Reading RG7 4ABĢ014 SecurEnvoy Ltd. Authenticating Users Using SecurAccess Server by SecurEnvoy
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |