Cisco Systems nordic edge asa 5500 Manual De Usuario
Installation
Guide
1 Summary
This is the complete installation guide for securing the authentication to your Cisco ASA 5500 solution
with Nordic Edge One Time Password Server, delivering two-factor authentication via SMS to your
mobile phone. For both clientless SSL VPN and Cisco VPN Client. You will be able to test the product
with your existing Cisco ASA 500 and LDAP user database, without making any changes that affect
existing users. The guide will also allow you to make the complete installation effeciently, using a
maximum of 1 hour. Nordic Edge provides several methods for delivering one time passwords, like e-
mail, tokens, mobile clients, prefetch etc. - however in this test we are only going to use SMS.
with Nordic Edge One Time Password Server, delivering two-factor authentication via SMS to your
mobile phone. For both clientless SSL VPN and Cisco VPN Client. You will be able to test the product
with your existing Cisco ASA 500 and LDAP user database, without making any changes that affect
existing users. The guide will also allow you to make the complete installation effeciently, using a
maximum of 1 hour. Nordic Edge provides several methods for delivering one time passwords, like e-
mail, tokens, mobile clients, prefetch etc. - however in this test we are only going to use SMS.
This is a step-by-step guide that covers the entire installation from A to Z. It is based on the scenario
that you are running your Cisco 5500 solution against Active Directory, and that you install the One
Time Password Server on a Windows Server. The One Time Password Server is platform
independent and works with all other LDAP user databases, like eDirectory, Sun One, Open LDAP
etc. If you are not running Active Directory or Windows and if you have any questions regarding the
slight differences in the installation process, you are most welcome to contact us at
that you are running your Cisco 5500 solution against Active Directory, and that you install the One
Time Password Server on a Windows Server. The One Time Password Server is platform
independent and works with all other LDAP user databases, like eDirectory, Sun One, Open LDAP
etc. If you are not running Active Directory or Windows and if you have any questions regarding the
slight differences in the installation process, you are most welcome to contact us at
and we will take you through the entire process.
2 Prerequisites
You will need to have a server available, for example a VMware virtual machine with Windows Server
2003 installed with Ethernet in bridge mode. The server needs to have an ip-address configured and
must also be able to reach your DNS-servers, your Cisco 5500 ASA solution and the Active Directory.
Since the software is quite small and easy to remove, you can also use any existing server in your
network.
2003 installed with Ethernet in bridge mode. The server needs to have an ip-address configured and
must also be able to reach your DNS-servers, your Cisco 5500 ASA solution and the Active Directory.
Since the software is quite small and easy to remove, you can also use any existing server in your
network.
3 Important information regarding communication
The One Time Password Server is a software that you can place on any server in your internal
network or DMZ.
- The One Time Password Server needs to be able to communicate (Outbound traffic) with your
network or DMZ.
- The One Time Password Server needs to be able to communicate (Outbound traffic) with your
LDAP
or
JDBC
User Database. Default port for LDAP and Secure LDAP is TCP port 389 / 636.
- The Integration Module needs to be able to communicate (Outbound traffic) with the One Time
Password Server on TCP port 3100. Or Radius with UDP port 1812 or 1645 (Outbound traffic)
- If you want to use the
Nordic Edge SMS Gateway
, the One Time Password Server needs to be
able to communicate (Outbound traffic) with otp.nordicedge.net and otp.nordicedge.se with HTTPS on
TCP port 443.
TCP port 443.
In this test-scenario you will want to communicate with RADIUS port 1812 or 1645 and use
our Nordic Edge SMS Gateway.
our Nordic Edge SMS Gateway.
www.nordicedge.se
Copyright, 2008, Nordic Edge AB
Page
4 of 49