Cisco Systems
Cisco IOS Router
RSA SecurID Ready Implementation Guide
Partner Information
Last Modified: March 31, 2008
Product Information
Partner Name: Cisco Systems
Web Site: www.cisco.com
Product Name: Cisco IOS Router
Version & Platform: 12.4(3)
Product Description: Cisco IOS IPsec functionality provides network data encryption at the IP
packet level, offering a robust, standards-based, security solution. IPsec
provides data authentication and anti-replay services, in addition to data
confidentiality services. It is the only way to implement secure VPNs.
Customers can combine IPsec with other Cisco IOS Software functionality
to build scalable, robust, and secure Quality of Service-aware VPNs.
Product Category: Perimeter Defense (Firewalls, VPNs & Intrusion Detection)
Solution Summary
The Cisco IOS software combines IPSec VPN enhancements with robust firewall, intrusion detection,
and secure administration capabilities. The VPN provides users with a complete implementation of IPSec
standards, including support for DES and Triple DES encryption, and authentication through RSA
SecurID authentication via RADIUS.
Partner Integration Overview
Authentication Methods Supported: RADIUS
List Library Version Used: N/A
RSA Authentication Manager Name Locking: N/A
RSA Authentication Manager Replica Support: N/A
Secondary RADIUS Server Support: Yes (hardware dependent for number of servers)
Location of Node Secret on Agent: None stored
RSA Authentication Agent Host Type: Communication Server
RSA SecurID User Specification: Designated Users, All Users, Default Method
RSA SecurID Protection of Administrative Users: Yes
RSA Software Token API Integration: No
Use of Cached Domain Credentials: No
Product Requirements
Partner Product Requirements: Cisco IOS Router
Firmware Version: 12.4(3)
Additional Software Requirements
Application Additional Patches
Cisco Secure VPN Client 4.6
Important: If you are configuring the IOS Router to use IPSec, you will
also need to configure the Cisco VPN client. Information on how to
configure the Cisco VPN client can be found in the Cisco VPN client
implementation guide located at:
http://rsasecurity.agora.com/rsasecured/guides/imp_pdfs/Cisco_VPN_Client_AuthMan61.pdf
Agent Host Configuration
To facilitate communication between the Cisco IOS Router and the RSA Authentication Manager / RSA
SecurID Appliance, an Agent Host record must be added to the RSA Authentication Manager database
and RADIUS Server database. The Agent Host record identifies the Cisco IOS Router within its database
and contains information about communication and encryption.
To create the Agent Host record, you will need the following information.
• Hostname
• IP Addresses for all network interfaces
• RADIUS Secret, which must match the RADIUS Secret on the Cisco IOS VPN Router.
When adding the Agent Host Record, you should configure the Cisco IOS Router as a Communication
Server. This setting is used by the RSA Authentication Manager to determine how communication with
the Cisco IOS Router will occur.
Note: Hostnames within the RSA Authentication Manager / RSA SecurID
Appliance must resolve to valid IP addresses on the local network.
Please refer to the appropriate RSA Security documentation for additional information about Creating,
Modifying and Managing Agent Host records.
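The requirement above that the RADIUS Secret match on both sides can be seen in how RADIUS hides the User-Password attribute (RFC 2865, section 5.2). The following is an added example, not part of the original guide and not Cisco or RSA code; the secrets, authenticator and passcode are constructed sample values. With a mismatched secret the server does not get an explicit error from this step, it simply decodes a different string than the user typed, so the passcode check fails.

```python
import hashlib

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding, as performed by the RADIUS client."""
    if len(authenticator) != 16 or len(password) > 128:
        raise ValueError("need a 16-octet authenticator and at most 128 password octets")
    blocks = max(1, -(-len(password) // 16))        # always at least one 16-octet block
    padded = password.ljust(blocks * 16, b"\x00")   # pad with nulls to a block boundary
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()  # keystream depends on the shared secret
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev
    return hidden

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse operation, as performed by the RADIUS server with its own copy of the secret."""
    if len(authenticator) != 16 or not hidden or len(hidden) % 16:
        raise ValueError("need a 16-octet authenticator and whole 16-octet blocks")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ m for c, m in zip(block, mask))
        prev = block                                # next mask chains on the ciphertext block
    return clear.rstrip(b"\x00")

def server_sees(passcode: bytes, router_secret: bytes, server_secret: bytes,
                authenticator: bytes) -> bytes:
    """What the server decodes when the router hid the passcode with router_secret."""
    hidden = hide_password(passcode, router_secret, authenticator)
    return recover_password(hidden, server_secret, authenticator)

# Constructed sample values (assumptions for illustration, not from the guide).
AUTHENTICATOR = bytes(range(16))      # a real client uses 16 unpredictable octets
PASSCODE = b"1234" + b"567890"        # PIN followed by tokencode, as the user types it

if __name__ == "__main__":
    # Matching secrets: the server recovers the passcode the user entered.
    print(server_sees(PASSCODE, b"shared-secret-A", b"shared-secret-A", AUTHENTICATOR))
    # Mismatched secrets: the server recovers unrelated bytes and rejects the login.
    print(server_sees(PASSCODE, b"shared-secret-A", b"shared-secret-B", AUTHENTICATOR))
```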