9.6.9

Installation Guide

9.2Browse to Configuration, Remote Access VPN, AAA/Local Users, AAA Server Groups

and click Add

33

9.3

Name Server Group OTPserver, choose protocol RADIUS

34

9.4

Add new radius server to the RADIUS group

35

9.5Configure Radius Server : Interface name, IP address to OTPserver and the pre-shared

key between the One Time Password server and Cisco ASA5500

35

9.6Create a ”test” connection profile (in case you want to test this for certain users only). 37

9.6.1Browse to Configuration/Remote Access/Clientless SSL VPN Access/Connection Profiles

and click Add

37

9.6.2

Specify Connection Profile Name

38

9.6.3

Specify AAA Server Group = OTPserver

38

9.6.4

Edit Connection Profile Clientless SSL VPN Settings

40

9.6.5

Add Alias if user should be able to select authentication method by drop-down-list

40

9.6.6

Edit Connection Profile Clientless SSL VPN Settings

41

9.6.7

Add Group URL if user should be able to select authentication by specifying URL

41

9.6.8If user should be allowed to select authentication method by drop-down-list, .................. 41

9.6.9

select this item

41

10

CONFIGURING ASA5500 FOR CISCO VPN CLIENT AUTHENTICATION WITH NORDIC

 

EDGE OTP SERVER

45

10.1Add a new ( or Edit an existing) Cisco VPN Client Connection Profile to use the

OTPserver

45

10.2

At the Cisco VPN Client, create an entry with correct name and password

46

￿ Name must match the connection profile name at previous slide

46

￿ Password must match the pre-shared key in ASA5500

46

(Note : This can be distributed via MSI installation)

46

11

START TESTING

47

11.1

Enter your Userid and password as usual

47

11.2You will receive a one-time password to your mobile phone within a couple of seconds. 47

11.3

Enter your one time password and click on “OK”

48

12

PURCHASE

49

13

TECHNICAL QUESTIONS

49

www.nordicedge.se

Copyright, 2008, Nordic Edge AB

Page 3 of 49

Page 3
Image 3
Cisco Systems ASA 5500 manual 9.6.9

ASA 5500 specifications

Cisco Systems ASA 5500 is a robust security appliance designed to provide advanced network security and protection against both internal and external threats. Ideal for organizations of various sizes, the ASA 5500 series offers a wide range of features that combine firewall capabilities with intrusion prevention, VPN support, and application control, among others.

One of the key features of the ASA 5500 is its stateful firewall technology. This allows the device to monitor active connections and enforce security policies based on the state of the traffic. By maintaining the context of network sessions, the firewall can make informed decisions on whether to allow or deny traffic based on established rules.

In addition to traditional firewall functionalities, the ASA 5500 series integrates advanced intrusion prevention capabilities. By analyzing traffic patterns and identifying known threats, the IPS functionality helps organizations defend against a variety of malicious activities, such as DDoS attacks, malware, and unauthorized access attempts. The ASA 5500 continuously updates its threat intelligence through Cisco's global threat database, enhancing its ability to detect emerging threats in real-time.

Virtual Private Network (VPN) support is another significant aspect of the ASA 5500 series. The device offers secure, encrypted connections for remote users and branch offices, ensuring safe access to corporate resources over the Internet. It supports both IPsec and SSL VPN protocols, allowing organizations to choose the best option for their specific needs. This capability is crucial for businesses that require a secure environment for remote work.

The ASA 5500 series also features extensive application control and visibility tools. These tools enable organizations to manage and control the applications running on their network, ensuring that only authorized applications can communicate through the firewall. This level of control helps to mitigate risks associated with unauthorized applications, which can lead to data breaches or reduced productivity.

Moreover, the ASA 5500 is designed with high availability and scalability in mind. Its clustering support ensures that multiple units can work together to provide redundancy and load balancing, enhancing both performance and reliability. This characteristic is especially important for organizations looking to maintain continuous operation during traffic spikes or hardware failures.

In summary, Cisco Systems ASA 5500 is an all-in-one security solution that combines stateful firewall protection, intrusion prevention, VPN capabilities, and application control. With its robust feature set and focus on security, it is well-suited for organizations seeking to protect their networks from an ever-evolving landscape of cyber threats. Whether for small businesses or large enterprises, the ASA 5500 provides the necessary tools to create a secure networking environment.