ActivIdentity 4TRESS AAA Web Tokens and Cisco ASA | Integration Handbook
External Use | June 8, 2012 | © 2012 ActivIdentity
1.0 Introduction
The Cisco® Adaptive Security Appliances (ASA) enable remote and mobile employees, customers, and partners
to gain secure access to corporate Virtual Private Network resources and applications. Providing secure access
via a VPN over existing Internet connections requires strong, two-factor authentication to protect resources. The
ActivIdentity solutions that work with Cisco incorporate SSL VPN solutions with versatile, strong authentication
that is flexible, scalable, and simple to manage. ActivIdentity offers two solutions:
• ActivIdentity® 4TRESS™ AAA Server for Remote Access—Addresses the security risks associated with a mobile workforce remotely accessing systems and data.
• ActivIdentity 4TRESS™ Authentication Server (AS)—Offers support for multiple authentication methods that are useful for diverse audiences across a variety of service channels (SAML, Radius, etc.), including user name and password, mobile and PC soft tokens, one-time passwords, and transparent Web soft tokens.
1.1 Scope of Document
This document explains how to set up ActivIdentity 4TRESS AAA Web soft token authentication with Cisco
Adaptive Security Appliances. Use this handbook to enable authentication via a Web soft token for use with an
SSL-protected Cisco VPN.
1.2 Prerequisites
• The ActivIdentity 4TRESS AAA Server is up-to-date (v6.7) with LDAP users and groups already configured.
• Cisco ASA version 8.x installed and configured.
• The Web soft token is configured to work with or without a PIN.
• Users have static LDAP passwords for access to the Self Help Desk to enroll web tokens.
• The Cisco login page has been customized (illustrated in this handbook).
Note: Using Cisco double authentication (an LDAP password plus a one-time password) is also
possible. You can configure the sign-in page so that users can use a static LDAP password instead of
the web soft token PIN.