Defender 5.9.3 - Administration Guide

Configuration example

This configuration example shows how to configure the Cisco Adaptive Security Device Manager (ASDM) version 6.1 for use with Defender. It assumes that you are using an existing VPN profile. Only the configuration settings required to enable the remote access device to work with Defender are described in this procedure. Leave the default settings for all other options.

Depending on the remote access device you are deploying, the configuration procedure for your own system may vary from this example.

Configuring your remote access device

To configure your remote access device, you need to complete these steps:

Step 1: Create an AAA server group, add Defender Security Server

To create an AAA server group

  1. Open the Cisco ASDM console, and then do the following:
    1. On the toolbar, click Configuration.
    2. In the left pane, click Remote Access VPN.
    3. In the left pane, expand the AAA/Local Users node to select the AAA Server Groups node.
    4. In the right pane, in the AAA Server Groups area, click the Add button.
  2. In the dialog box that opens, do the following:
    1. In the Server Group text box, type a descriptive name for your group.
    2. From the Protocol drop-down list, select RADIUS.
    3. Click OK to create the group and close the dialog box.
  3. In the right pane, in the Servers in the Selected Group area, click the Add button.
  4. In the dialog box that opens, do the following:
    1. In the Server Name or IP Address text box, enter the name or IP address of the Defender Security Server you want to use to authenticate the users.
    2. In the Server Authentication Port text box, enter the port used by the Defender Security Server to receive authentication requests (port 1645 by default).
    3. In the Server Secret Key text box, enter the shared secret you want to use to establish a connection between the Defender Access Node and Defender Security Server.
    4. Click OK to add the Defender Security Server to the list and close the dialog box.

Step 2: Configure an IPsec connection profile

To configure an IPsec profile

  1. In the Cisco ASDM console, do the following:
    1. On the toolbar, click Configuration.
    2. In the left pane, click Remote Access VPN.
    3. In the left pane, expand the Network (Client) Access node to select the IPsec Connection Profiles node.
  2. In the right pane, under Connection Profiles, select an existing profile or add a new profile.
  3. Modify the selected or created profile (click the Edit button): In the User Authentication area, from the Server Group drop-down list, select the AAA server group you created in Step 1: Create an AAA server group, add Defender Security Server.
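
The shared secret entered in Step 1 is never sent on the wire: RADIUS (RFC 2865) uses it to hide the User-Password attribute and to compute the Response Authenticator, so a secret that differs between the remote access device and the Defender Access Node shows up as replies that fail verification. The following sketch is an added example, not code from Defender or Cisco, and goes beyond the GUI steps to show that check; all function names, the user name, the passcode and both secrets are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2   # RADIUS packet codes (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2        # RADIUS attribute types

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def attr(attr_type: int, value: bytes) -> bytes:
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(ident, user, password, secret, req_auth) -> bytes:
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def response_is_authentic(reply: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def make_reply(code, ident, req_auth, secret, attrs=b"") -> bytes:
    """Constructed stand-in for the server side, used only for this offline demo."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs

def demo():
    # Constructed values; a real client draws the Request Authenticator from os.urandom(16).
    secret = b"constructed-secret"
    req_auth = bytes(range(16))
    request = build_access_request(7, b"alice", b"123456", secret, req_auth)
    reply = make_reply(ACCESS_ACCEPT, 7, req_auth, secret)
    return (len(request),
            response_is_authentic(reply, req_auth, secret),          # matching secret
            response_is_authentic(reply, req_auth, b"typo-secret"))  # mismatched secret

if __name__ == "__main__":
    print(demo())
```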