0 introduction, 1 scope of document, 2 prerequisites – HID Cisco ASA and 4TRESS AAA Server User Manual

ActivIdentity 4TRESS AAA Web Tokens and Cisco ASA | Integration Handbook

External Use | June 8, 2012 | © 2012 ActivIdentity

1.0 Introduction

The Cisco® Adaptive Security Appliances (ASA) enable remote and mobile employees, customers, and partners to gain secure access to corporate Virtual Private Network resources and applications. Providing secure access via a VPN over existing Internet connections requires strong, two-factor authentication to protect resources. The ActivIdentity solutions that work with Cisco incorporate SSL VPN solutions with versatile, strong authentication that is flexible, scalable, and simple to manage. ActivIdentity offers two solutions:

- ActivIdentity® 4TRESS™ AAA Server for Remote Access—Addresses the security risks associated with a mobile workforce remotely accessing systems and data.

- ActivIdentity 4TRESS™ Authentication Server (AS)—Offers support for multiple authentication methods that are useful for diverse audiences across a variety of service channels (SAML, RADIUS, etc.), including user name and password, mobile and PC soft tokens, one-time passwords, and transparent Web soft tokens.

1.1 Scope of Document

This document explains how to set up ActivIdentity 4TRESS AAA Web soft token authentication with Cisco Adaptive Security Appliances. Use this handbook to enable authentication via a Web soft token for use with an SSL-protected Cisco VPN.

1.2 Prerequisites

- The ActivIdentity 4TRESS AAA Server is up-to-date (v6.7) with LDAP users and groups already configured.

- Cisco ASA version 8.x installed and configured.

- The Web soft token is configured to work with or without a PIN.

- Users have static LDAP passwords for access to the Self Help Desk to enroll web tokens.

- The Cisco login page has been customized (illustrated in this handbook).


Note: Using Cisco double authentication (an LDAP password plus a one-time password) is also possible. You can configure the sign-in page so that users can use a static LDAP password instead of the web soft token PIN.