RSA SecurID Ready Implementation Guide
Last Modified: January 7, 2008
Partner Information
Product Information
Partner Name
Web Site www.cisco.com
Product Name
Version & Platform
Product Description
Product Category
Cisco Systems
Cisco VPN Client
4.6, 4.8, and 5.0.02.0090
Simple to deploy and operate, the Cisco VPN Client allows organizations to
establish end-to-end, encrypted VPN tunnels for secure connectivity for
mobile employees or teleworkers. This thin design, IP security (IPSec)implementation is compatible with all Cisco virtual private network (VPN)
products.
Perimeter Defense (Firewalls, VPNs & Intrusion Detection)
1
Solution Summary
The Cisco VPN Client allows users to RSA SecurID Authenticate to establish end-to-end, encrypted VPN
tunnels for secure connectivity for mobile employees or teleworkers. This authe ntication can be done
with either Native RSA SecurID authentication or with RADIUS. The end user running on a Windows
platform can also take advantage of additional integration work by using the RSA Software Token or the
RSA SecurID 800 token. The Cisco VPN client can pull the tokencode from the RSA Software Token or
RSA SecurID 800 token running on the same machine and couple the PIN and tokencode so that users
only need to enter their PIN during an authentication.
Partner Integration Overview
Authentication Methods Supported
RSA Authentication Manager Name Locking
RSA Authentication Manager Replica Support
RSA Software Token and RSA SecurID 800 Automation
Use of Cached Domain Credentials
Native RSA SecurID Authentication and RADIUS
Server Dependant
Yes (Authentication Manager v6.x and above)
Yes
No
2
Product Requirements
Partner Product Requirements: Cisco VPN Client
Memory
Storage
Operating System
Platform Required Patches
Windows XP SP2 or later
Windows 2000 SP2 or later
Windows Vista All versions as of date listed above
Additional Hardware Requirements:
The Cisco VPN Client is compatible with the following Cisco products
• Cisco VPN 3000 Series Concentrator Software Version 3.0 or later
• Cisco IOS Software Release 12.2(8)T or later
• Cisco PIX Security Appliance Software Version 7.0 or later
• Cisco ASA 5500 Series Software Version 7.0 or later
The Cisco VPN Client integrates with the RSA Software Token and RSA SecurID 800 token so that users
only have to enter a PIN; where the tokencode is automatically pulled into the client. The following table
shows what Cisco products support this feature.
RSA Software Token and RSA SecurID 800 Integration Compatibility Matrix
Cisco Product
Cisco VPN 3000 Series Yes Yes*
Cisco IOS Software N/A No
Cisco PIX Security Appliance Yes Yes*
Cisco ASA 5500 Series Yes Yes*
Native RSA SecurID
Authentication
* Needs RadiusSDI set to 1 for this to function. See the Cisco VPN client
profile configuration section for information.
34 MB
50 MB
RADIUS Authentication
Important: The RSA Software Token and RSA SecurID 800 Integration
is a Windows only solution.
3