
Defender 6.5 - Administration Guide


Step 1: Create an AAA server group, add Defender Security Server

To create an AAA server group

  1. Open the Cisco ASDM console, and then do the following:
    1. On the toolbar, click Configuration.
    2. In the left pane, click Remote Access VPN.
    3. In the left pane, expand the AAA/Local Users node to select the AAA Server Groups node.
    4. In the right pane, in the AAA Server Groups area, click the Add button.
  2. In the dialog box that opens, do the following:
    1. In the Server Group text box, type a descriptive name for your group.
    2. From the Protocol drop-down list, select RADIUS.
    3. Click OK to create the group and close the dialog box.
  3. In the right pane, in the Servers in the Selected Group area, click the Add button.
  4. In the dialog box that opens, do the following:
    1. In the Server Name or IP Address text box, enter the name or IP address of the Defender Security Server you want to use to authenticate the users.
    2. In the Server Authentication Port text box, enter the port used by the Defender Security Server to receive authentication requests (port 1645 by default).
    3. In the Server Secret Key text box, enter the shared secret you want to use to establish a connection between the Defender Access Node and Defender Security Server.
    4. Click OK to add the Defender Security Server to the list and close the dialog box.

Step 2: Configure an IPsec connection profile

To configure an IPsec profile

  1. In the Cisco ASDM console, do the following:
    1. On the toolbar, click Configuration.
    2. In the left pane, click Remote Access VPN.
    3. In the left pane, expand the Network (Client) Access node to select the IPsec Connection Profiles node.
  2. In the right pane, under Connection Profiles, select an existing profile or add a new profile.
  3. Select the profile and click the Edit button. In the User Authentication area, from the Server Group drop-down list, select the AAA server group you created in Step 1: Create an AAA server group, add Defender Security Server.

Configuring Defender

To configure Defender, you need to complete these steps:

Step 1: Configure an Access Node

To configure an Access Node

  1. On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane, expand the appropriate domain node, and then expand the Defender node.
  3. In the left pane, right-click Access Nodes, and then select New | Defender Access Node from the shortcut menu.
    1. Complete the wizard to configure the Defender Access Node.
      • On the Enter a name and description for this Access Node page, type a descriptive name and description for the Access Node.
      • On the Select the node type and user ID type for this Access Node page, use the following options:
        • Node Type: From this list, select Radius Agent. This enables the RADIUS protocol for communications between Cisco ACS devices and Defender. Note that the RADIUS protocol is transmitted over UDP and uses port 1645 or 1812.
        • User ID: From this list, select the user ID type you want to use.
      • On the Enter the connection details for this Access Node page, use the following options:
        • IP Address or DNS Name: Specify the Cisco AAA Server by entering its IP address or DNS name.
        • Port: Type the port number through which you want this Access Node to connect to the Defender Security Server. You must specify the same port as the one you entered in the Server Authentication Port text box in Step 1: Create an AAA server group, add Defender Security Server.
        • Subnet Mask: Keep the default subnet mask.
        • Shared Secret: Type the same shared secret you entered in the Server Secret Key text box in Step 1: Create an AAA server group, add Defender Security Server.
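
Why the shared secret must be identical on both sides: the following Python code is an added example, not part of the Defender documentation or product code. It follows RFC 2865 to show what a mismatched secret does to the User-Password attribute and to the Response Authenticator. The user name, password, secrets and the server_reply stand-in are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, USER_NAME, USER_PASSWORD = 1, 2, 1, 2  # RFC 2865 codes, attribute types

def xor_password(data, secret, request_auth, hide):
    """RFC 2865 section 5.2: hide (hide=True) or recover the User-Password value."""
    if hide:  # pad to a non-zero multiple of 16 octets
        data = data.ljust(max(16, (len(data) + 15) // 16 * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev = res if hide else block  # the chain always runs over ciphertext blocks
        out += res
    return out if hide else out.rstrip(b"\x00")

def build_access_request(ident, user, password, secret):
    """Return (packet, request_authenticator) as the RADIUS client would send it."""
    request_auth = os.urandom(16)
    hidden = xor_password(password, secret, request_auth, True)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((USER_NAME, user), (USER_PASSWORD, hidden)))
    head = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return head + request_auth + attrs, request_auth

def server_reply(request, secret):
    """Constructed stand-in for the server: recover the password, sign an Access-Accept."""
    request_auth, i, attrs = request[4:20], 20, {}
    while i + 2 <= len(request) and request[i + 1] >= 2:  # walk type/length/value attributes
        attrs[request[i]] = request[i + 2:i + request[i + 1]]
        i += request[i + 1]
    seen_password = xor_password(attrs[USER_PASSWORD], secret, request_auth, False)
    head = struct.pack("!BBH", ACCESS_ACCEPT, request[1], 20)
    return head + hashlib.md5(head + request_auth + secret).digest(), seen_password

def verify_reply(packet, request_auth, secret):
    """True only if the Response Authenticator was computed with the same secret."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

if __name__ == "__main__":
    req, ra = build_access_request(7, b"alice", b"123456", b"secret-A")
    for srv in (b"secret-A", b"secret-B"):  # matching, then mismatched server secret
        reply, seen = server_reply(req, srv)
        print(srv, verify_reply(reply, ra, b"secret-A"), seen)
```

With mismatched secrets the server side recovers a garbage password and the client side cannot validate the reply. RFC 2865 requires the client to silently discard such a reply, so a secret mismatch tends to look like a timeout rather than an explicit error.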
