The configuration described in this section is only an example of a basic configuration that uses a Cisco ASA Server.
We assume that you have installed and configured the Defender Security Server that you will later define as the AAA Server.
To configure remote access, you need to perform the following additional tasks:
- Create and configure the Access Node that will handle access requests from remote users.
- Assign the Access Node to the Defender Security Server that will authenticate the remote users.
- Configure the Defender Security Policy that will determine the method and level of access, time period within which access is permitted, and lockout conditions for failed logon attempts.
- Assign the Defender Security Policy to the Access Node.
- Assign users or groups of users to the Access Node.
- Configure and assign security tokens to users.
- Configure the remote access device in your environment.
This configuration example shows how to configure the Cisco Adaptive Security Device Manager (ASDM) version 6.1 for use with Defender and assumes that you are using an existing VPN profile. Only the configuration settings required to enable the remote access device to work with Defender are described in this procedure. Please leave the default settings for all other options.
Depending on the remote access device you are deploying, the configuration procedure for your own system may vary from this example.
To configure your remote access device, you need to complete these steps:
To create an AAA server group:
- Open the Cisco ASDM console, and then do the following:
  - On the toolbar, click Configuration.
  - In the left pane, click Remote Access VPN.
  - In the left pane, expand the AAA/Local Users node, and then select the AAA Server Groups node.
  - In the right pane, in the AAA Server Groups area, click the Add button.
- In the dialog box that opens, do the following:
  - In the Server Group text box, type a descriptive name for your group.
  - From the Protocol drop-down list, select RADIUS.
  - Click OK to create the group and close the dialog box.
- In the right pane, in the Servers in the Selected Group area, click the Add button.
- In the dialog box that opens, do the following:
  - In the Server Name or IP Address text box, enter the name or IP address of the Defender Security Server you want to use to authenticate the users.
  - In the Server Authentication Port text box, enter the port used by the Defender Security Server to receive authentication requests (port 1645 by default).
  - In the Server Secret Key text box, enter the shared secret you want to use to establish a connection between the Defender Access Node and Defender Security Server.
  - Click OK to add the Defender Security Server to the list and close the dialog box.