Defender 5.9.3 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Integration with Cloud Access Manager Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Step 1: Install Defender EAP Agent

Step 1: Install Defender EAP Agent

You must install the Defender EAP Agent on the Network Policy Server, and on the VPN client computer.

To install Defender EAP Agent

  1. Run the DefenderEAPAgent.exe file supplied with the Defender distribution package.
  2. Complete the wizard that starts.

    IMPORTANT:
    • When installing Defender EAP Agent on the Network Policy Server, on the Installation Complete step of the wizard, clear the Create a VPN connection with Defender now check box, and then click Finish.
    • When installing Defender EAP Agent on the VPN client computer, on the Installation Complete step of the wizard, select the Create a VPN connection with Defender now check box, click Finish, and follow the wizard that starts to create a new VPN connection.
  3. After completing the wizard, restart the computer on which you have just installed Defender EAP Agent.

Step 2: Configure Network Policy Server

Step 2: Configure Network Policy Server

To configure the Network Policy Server

  1. On the Network Policy Server, start the Network Policy Server tool (nps.msc).
  2. In the left pane, expand the Policies node to select Network Policies.
  3. In the right pane, right-click the network policy you want to use for Defender, and then on the shortcut menu click Properties.
  4. In the dialog box that opens, click the Constraints tab.

 

  1. Below the EAP types list, click the Add button.
  2. In the dialog box that opens, select Defender 5 from the list, and then click OK.
  3. In the EAP types list, select the Defender 5 entry you have just added, and then click the Edit button below the list. The following dialog box opens:

 

  1. Use the following elements:
    • Address  Type the IP address of the Defender Security Server you want to use for user authentication
    • Port  Type the port used by the Access Node to which the specified Defender Security Server belongs.
    • Shared Secret  Type the shared secret that corresponds to the Access Node.
  2. Click OK.

Step 3: Configure VPN connection on the client computer

Step 3: Configure VPN connection on the client computer

In this step, you need to configure the authentication settings of the VPN connection you created on the VPN client computer.

To configure VPN connection

  1. Open the properties of the VPN connection you created on the VPN client computer in Step 1: Install Defender EAP Agent.
  2. In the Properties dialog box, click the Security tab.
  3. Make sure that in the Authentication area you select the Use Extensible Authentication Protocol (EAP) option, and then select Defender 5 (encryption enabled) from the list below the option:

 

  1. Click OK to close the dialog box.

    Now when you connect through the configured VPN connection on the client computer, a Defender dialog box opens prompting you to type the response provided by your token.

Authenticating via EAP Agent

Authenticating via EAP Agent

When you attempt to access information via your VPN, the Defender authentication dialog box is displayed:

In the Response field, type the response displayed on your token. Select OK. If authentication is successful, you are allowed to access the network.

Documentos relacionados