1 Summary

Installation Guide

1 Summary

This is the complete installation guide for securing the authentication to your Cisco ASA 5500 solution with Nordic Edge One Time Password Server, delivering two-factor authentication via SMS to your mobile phone. For both clientless SSL VPN and Cisco VPN Client. You will be able to test the product with your existing Cisco ASA 500 and LDAP user database, without making any changes that affect existing users. The guide will also allow you to make the complete installation effeciently, using a maximum of 1 hour. Nordic Edge provides several methods for delivering one time passwords, like e- mail, tokens, mobile clients, prefetch etc. - however in this test we are only going to use SMS.

This is a step-by-step guide that covers the entire installation from A to Z. It is based on the scenario that you are running your Cisco 5500 solution against Active Directory, and that you install the One Time Password Server on a Windows Server. The One Time Password Server is platform independent and works with all other LDAP user databases, like eDirectory, Sun One, Open LDAP etc. If you are not running Active Directory or Windows and if you have any questions regarding the slight differences in the installation process, you are most welcome to contact us at support@nordicedge.se and we will take you through the entire process.

2 Prerequisites

You will need to have a server available, for example a VMware virtual machine with Windows Server 2003 installed with Ethernet in bridge mode. The server needs to have an ip-address configured and must also be able to reach your DNS-servers, your Cisco 5500 ASA solution and the Active Directory. Since the software is quite small and easy to remove, you can also use any existing server in your network.

3 Important information regarding communication

The One Time Password Server is a software that you can place on any server in your internal network or DMZ.

-The One Time Password Server needs to be able to communicate (Outbound traffic) with your LDAP or JDBC User Database. Default port for LDAP and Secure LDAP is TCP port 389 / 636.

-The Integration Module needs to be able to communicate (Outbound traffic) with the One Time Password Server on TCP port 3100. Or Radius with UDP port 1812 or 1645 (Outbound traffic)

-If you want to use the Nordic Edge SMS Gateway, the One Time Password Server needs to be able to communicate (Outbound traffic) with otp.nordicedge.net and otp.nordicedge.se with HTTPS on TCP port 443.

In this test-scenario you will want to communicate with RADIUS port 1812 or 1645 and use our Nordic Edge SMS Gateway.

www.nordicedge.se

Copyright, 2008, Nordic Edge AB

Page 4 of 49

Page 4
Image 4
Cisco Systems ASA 5500 manual Summary, Prerequisites, Important information regarding communication, Page 4 of

ASA 5500 specifications

Cisco Systems ASA 5500 is a robust security appliance designed to provide advanced network security and protection against both internal and external threats. Ideal for organizations of various sizes, the ASA 5500 series offers a wide range of features that combine firewall capabilities with intrusion prevention, VPN support, and application control, among others.

One of the key features of the ASA 5500 is its stateful firewall technology. This allows the device to monitor active connections and enforce security policies based on the state of the traffic. By maintaining the context of network sessions, the firewall can make informed decisions on whether to allow or deny traffic based on established rules.

In addition to traditional firewall functionalities, the ASA 5500 series integrates advanced intrusion prevention capabilities. By analyzing traffic patterns and identifying known threats, the IPS functionality helps organizations defend against a variety of malicious activities, such as DDoS attacks, malware, and unauthorized access attempts. The ASA 5500 continuously updates its threat intelligence through Cisco's global threat database, enhancing its ability to detect emerging threats in real-time.

Virtual Private Network (VPN) support is another significant aspect of the ASA 5500 series. The device offers secure, encrypted connections for remote users and branch offices, ensuring safe access to corporate resources over the Internet. It supports both IPsec and SSL VPN protocols, allowing organizations to choose the best option for their specific needs. This capability is crucial for businesses that require a secure environment for remote work.

The ASA 5500 series also features extensive application control and visibility tools. These tools enable organizations to manage and control the applications running on their network, ensuring that only authorized applications can communicate through the firewall. This level of control helps to mitigate risks associated with unauthorized applications, which can lead to data breaches or reduced productivity.

Moreover, the ASA 5500 is designed with high availability and scalability in mind. Its clustering support ensures that multiple units can work together to provide redundancy and load balancing, enhancing both performance and reliability. This characteristic is especially important for organizations looking to maintain continuous operation during traffic spikes or hardware failures.

In summary, Cisco Systems ASA 5500 is an all-in-one security solution that combines stateful firewall protection, intrusion prevention, VPN capabilities, and application control. With its robust feature set and focus on security, it is well-suited for organizations seeking to protect their networks from an ever-evolving landscape of cyber threats. Whether for small businesses or large enterprises, the ASA 5500 provides the necessary tools to create a secure networking environment.