Copyright
Copyright 2006, CRYPTOCard Corp. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of CRYPTOCard Corp.
1. Using the Cisco VPN Client, the user establishes a connection to the internal network using his/her logon name and PIN + One-time password.
2. The VPN concentrator passes the authentication information to the CRYPTO-Server (via the RADIUS protocol).
3. CRYPTO-MAS Server sends back Access-Accept/Deny to the VPN concentrator.
4. Once successfully authenticated, the user gains access to the network.
The CRYPTO-Server distribution includes a plug-in for the Cisco VPN Client software which, when used in conjunction with a CRYPTOCard ST-1 Software, SC-1 Smart Card, or UB-1 USB token, automates the authentication and logon process for users. The CRYPTOCard Cisco VPN plug-in is supported in version 4.9 of the Cisco VPN client on PPC and Intel Macs and 4.8 on Windows.
Prerequisites
The following systems must be installed and operational prior to configuring the VPN concentrator to use CRYPTOCard authentication:
Ensure that the end user can authenticate through the concentrator with a static password before configuring the concentrator to use CRYPTOCard authentication.
An initialized CRYPTOCard token assigned to a valid CRYPTOCard user.
The following CRYPTO-MAS server information is also required:
Primary CRYPTO-MAS RADIUS Server Fully Qualified Hostname or IP Address:
Secondary CRYPTO-MAS RADIUS Server Fully Qualified Hostname or IP Address (OPTIONAL):
CRYPTO-MAS RADIUS Authentication port number:
CRYPTO-MAS RADIUS Accounting port number (OPTIONAL):
CRYPTO-MAS RADIUS Shared Secret:
Ensure that the RADIUS server is the first entry in the Authentication Servers list.
2. Enter the User Name of a CRYPTOCard account, and the next Password generated by the token assigned to that user. Click OK.
1. In the VPN configuration manager, select Configuration|User|Management|Groups.
2. Click Add Group to add a new group.
3. Enter a Group Name and a static Password. Select Internal group as the Type.
This internal group name and password must be used by all CRYPTOCard end-users when they want to connect using the VPN client.
4. Under the IPSec tab, select RADIUS in the Authentication pull-down menu.
5. Click Add to add this group to the VPN concentrator.
6. Ensure this newly created group has an Address Pool of IP addresses that can be assigned to the VPN client connections. Select the Group and click Address Pools. Then click Add and enter the Range Start, Range End, and Subnet Mask. Apply the change.
A dialog box will open requesting a Username and Password. Enter the CRYPTOCard Username. Generate a one-time password from the CRYPTOCard token and enter your PIN followed by the one-time password in the Password field. Click OK.
Once the concentrator has verified the username and password with the CRYPTO-Server database, the connection will be established.
Cisco VPN Concentrator Implementation Guide
Solution Overview
Summary
Product Name: Cisco VPN Concentrator 3000
Vendor Site: http://www.cisco.com
Supported VPN Client Software: Windows 2000/XP 4.8, Mac OS X Tiger 4.9
Authentication Method: RADIUS authentication
PAP
MSCHAPv2
Authentication Mode
User-changeable Alphanumeric 4-8 digit PIN
User-changeable Numeric 4-8 digit PIN
Server-changeable Alphanumeric 4-8 digit PIN
Server-changeable Numeric 4-8 digit PIN
Trademarks
CRYPTOCard, CRYPTO-Server, CRYPTO-Web, CRYPTO-Kit, CRYPTO-Logon, and CRYPTO-VPN are either registered trademarks or trademarks of CRYPTOCard Corp. Microsoft Windows and Windows XP/2000/2003/NT are registered trademarks of Microsoft Corporation. All other trademarks, trade names, service marks, service names, product names, and images mentioned and/or used herein belong to their respective owners.
Publication History
Date                 Changes
October 25, 2006     First Draft Creation
November 5, 2006     Global Edit
November 29, 2006    Minor revision