Summary of the content on page No. 1

Cisco Systems
Cisco IOS Router

RSA SecurID Ready Implementation Guide
Last Modified: March 31, 2008

Partner Information
Product Information
Partner Name: Cisco Systems
Web Site: www.cisco.com
Product Name: Cisco IOS Router
Version & Platform: 12.4(3)
Product Description: Cisco IOS IPsec functionality provides network data encryption at the IP packet level, offering a robust, standards-based security solution. IPsec provides data authentication and anti-replay services, in addition to
                    
Summary of the content on page No. 2

Solution Summary
The Cisco IOS software combines IPSec VPN enhancements with robust firewall, intrusion detection, and secure administration capabilities. The VPN provides users with a complete implementation of IPSec standards, including support for DES and Triple DES encryption, and authentication through RSA SecurID via RADIUS.

Partner Integration Overview
Authentication Methods Supported: RADIUS
List Library Version Used: N/A
RSA Authentication Manager Name Locking: N
                    
Summary of the content on page No. 3

Product Requirements
Partner Product Requirements: Cisco IOS Router
Firmware Version: 12.4(3)

Additional Software Requirements
Application    Additional Patches
Cisco Secure VPN Client 4.6

Important: If you are configuring the IOS Router to use IPSec, you will also need to configure the Cisco VPN client. Information on how to configure the Cisco VPN client can be found in the Cisco VPN client implementation guide located at: http://rsasecurity.agora.com/rsasecured/guides/imp_p
                    
Summary of the content on page No. 4

Agent Host Configuration
To facilitate communication between the Cisco IOS Router and the RSA Authentication Manager / RSA SecurID Appliance, an Agent Host record must be added to the RSA Authentication Manager database and RADIUS Server database. The Agent Host record identifies the Cisco IOS Router within its database and contains information about communication and encryption.
To create the Agent Host record, you will need the following information:
• Hostname
• IP Addresses for all ne
                    
Summary of the content on page No. 5

Partner Authentication Agent Configuration
Before You Begin
This section provides instructions for integrating the partner's product with RSA SecurID Authentication. This document is not intended to suggest optimum installations or configurations.
It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to insta
                    
Summary of the content on page No. 6

Cisco IOS VPN Router
RADIUS configuration:
aaa new-model
aaa authentication login userauthen group radius local
aaa authorization network groupauthor local
radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646
radius-server timeout 120
radius-server key "your key"
VPN Policy:
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration group vpngroup
 ! "vpngroup" must match the group name set in the VPN client
 key password  (
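An added example (not from the RSA/Cisco guide): a small Python audit of the page 6 commands that flags the printed placeholders and the settings a reviewer would re-check today (legacy RADIUS ports 1645/1646, a shared secret under 16 octets, `local` fallback after RADIUS, DES/3DES and Diffie-Hellman groups 1, 2 and 5). The `audit` function and its finding labels are hypothetical names, and the sample input is constructed from the commands as printed.

```python
# Constructed input: the page 6 commands as printed, placeholders included.
SAMPLE = """\
aaa new-model
aaa authentication login userauthen group radius local
aaa authorization network groupauthor local
radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646
radius-server timeout 120
radius-server key "your key"
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
"""
POLICY_CMDS = {"encr", "encryption", "hash", "authentication", "group", "lifetime"}

def audit(config):
    """Return sorted review findings (hypothetical labels) for an IOS snippet."""
    found, in_policy = set(), False
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    if "aaa new-model" not in lines:
        found.add("aaa-not-enabled")
    for ln in lines:
        w = ln.split()
        arg = w[1] if len(w) > 1 else ""
        if in_policy and w[0] in POLICY_CMDS:       # ISAKMP policy sub-commands
            if w[0] in ("encr", "encryption") and arg in ("des", "3des"):
                found.add("weak-ike-cipher")
            if w[0] == "group" and arg in ("1", "2", "5"):
                found.add("weak-dh-group")
            continue
        in_policy = ln.startswith("crypto isakmp policy ")
        if ln.startswith("aaa authentication login "):
            methods = w[4:]                         # ['group', 'radius', 'local']
            if methods[:2] != ["group", "radius"]:
                found.add("radius-not-first")
            if "local" in methods[2:]:              # used when no RADIUS server answers
                found.add("local-fallback")
        elif ln.startswith("radius-server host "):
            if "xxx" in w[2]:
                found.add("placeholder-server-address")
            ports = dict(zip(w[3::2], w[4::2]))
            # IOS falls back to 1645/1646 when the ports are omitted
            if ports.get("auth-port", "1645") == "1645" or ports.get("acct-port", "1646") == "1646":
                found.add("legacy-radius-ports")
        elif ln.startswith("radius-server key "):
            key = ln[len("radius-server key "):].strip('"“” ')
            if key.lower() == "your key":
                found.add("placeholder-radius-key")
            if len(key) < 16:                       # RFC 2865 prefers 16+ octets
                found.add("short-radius-key")
    return sorted(found)
```

`local-fallback` and `legacy-radius-ports` are review items rather than errors: the first means locally defined passwords are accepted without a tokencode whenever the RADIUS server is unreachable, and the second only requires that the RADIUS server listens on the same ports.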
                    
Summary of the content on page No. 7

Certification Checklist: For RSA Authentication Manager 6.x
Cisco Router
Date Tested: September 29, 2005

Certification Environment
Product Name                 Version Information   Operating System
RSA Authentication Manager   6.1                   Windows 2003
Cisco IOS VPN Router         12.4(3)               IOS

Mandatory Functionality
RSA Native Protocol                        RADIUS Protocol
New PIN Mode
Force Authentication After New PIN  N/A    Force Authentication After New PIN
System Generated PIN  N/A                  System Generated PIN
User Defined (4-8 Alp
                    
Summary of the content on page No. 8

Certification Checklist: For RSA Authentication Manager 6.x
VPN
Date Tested: September 29, 2005

Certification Environment
Product Name                 Version Information   Operating System
RSA Authentication Manager   6.1                   Windows 2003
Cisco IOS VPN Router         12.4(3)               IOS
Cisco Secure VPN Client      4.6                   Windows 2003

Mandatory Functionality
RSA Native Protocol                        RADIUS Protocol
New PIN Mode
Force Authentication After New PIN  N/A    Force Authentication After New PIN
System Generated PIN  N/A                  System Gener
                    
Summary of the content on page No. 9

Certification Checklist For RSA Authentication Manager 7.x
Router
Date Tested: March 31, 2008

Certification Environment
Product Name                 Version Information   Operating System
RSA Authentication Manager   7.1                   Windows 2003 SP2
RSA RADIUS Server            7.1                   Windows 2003 SP2
Cisco IOS VPN Router         12.4(3)               IOS

Mandatory Functionality
RSA Native Protocol                        RADIUS Protocol
New PIN Mode
Force Authentication After New PIN  N/A    Force Authentication After New PIN
System Generated PIN  N/A                  System Gener
                    
Summary of the content on page No. 10

Certification Checklist For RSA Authentication Manager 7.x
VPN
Date Tested: March 31, 2008

Certification Environment
Product Name                 Version Information   Operating System
RSA Authentication Manager   7.1                   Windows 2003 SP2
RSA RADIUS Server            7.1                   Windows 2003 SP2
Cisco IOS VPN Router         12.4(3)               IOS
Cisco Secure VPN Client      4.8                   Windows XP Professional SP2

Mandatory Functionality
RSA Native Protocol                        RADIUS Protocol
New PIN Mode
Force Authentication After New PIN  N/A    Force Authentication A
                    
Summary of the content on page No. 11

Known Issues
1. CHAP authentication is not supported when using RSA SecurID authentication