Cisco IPSEC Client Integration
Introduction
The Cisco IPSEC client allows authentication using the following methods from Swivel:
- SMS Text
- Mobile Phone Client
- Token
- Taskbar Utility
This document outlines how to integrate the PINsafe Turing image, using the PINsafe Taskbar for Microsoft Windows, with the Cisco IPSEC VPN Client. If only SMS is required, the Taskbar steps below are not needed.
For the Cisco ASA PINsafe integration see Cisco ASA Integration.
Prerequisites
PINsafe 3.x, 3.5 for RADIUS groups
Turing image available to user from across internet
Cisco IPSEC VPN Client
A Cisco Authentication device using PINsafe as a RADIUS server
PINsafe Taskbar for Microsoft Windows
Cisco IPSEC Client
Cisco documentation
Architecture
The user connects to the Checkpoint VPN by using the SecureClient software. The Checkpoint is configured to use a Swivel server for RADIUS authentication. Users are stored and maintained in Swivel.
Swivel Configuration
Configuring the RADIUS server
On the Swivel Administration console, configure the RADIUS Server and NAS; see RADIUS Configuration.
Enabling Session creation with username
To allow the TURing image, PINpad and other single channel images, under Server/Single Channel set Allow session request by username to Yes.
Setting up Swivel Dual Channel Transports
PINsafe Client Configuration
PINsafe Dual Channel Configuration
No specific client requirements for Dual Channel integration.
PINsafe Single Channel Configuration
Follow the installation notes to install the PINsafe Taskbar utility. Ensure that a Single Channel image can be generated. See Taskbar How to Guide. Note that the integration has only been tested with the Turing Single Channel Image.
Cisco VPN Server Configuration
Configure the VPN server according to the Cisco Documentation, configuring the Cisco VPN server to use PINsafe as a RADIUS authentication server.
Cisco IPSEC Client Configuration
Cisco IPSEC Client with Dual Channel Authentication
No further configuration is required for the Cisco IPSEC client.
Cisco IPSEC Client with Single Channel Authentication
Follow the Cisco installation notes. Then open the VPN Client Options menu and choose Application Launcher. The VPN Client displays a dialog. Click Enable, then enter the PINsafe Taskbar utility path and the required syntax:
Example: C:\Program Files\Swivel Secure Ltd\PINsafe Taskbar\PINsafeTaskbar.exe show
Click Apply to activate the application.
Note: The Cisco IPSEC VPN Client may need to be restarted.
Cisco IPSEC client with OTC and AD password
The Swivel server can be configured to use AD password and OTC. On the Swivel Administration console under RADIUS/NAS for the Cisco ASA set Check password with repository to Yes and apply the settings. The Password is entered first followed by the OTC, as passwordOTC. See also Password How to Guide.
Troubleshooting
Start the Cisco IPSEC VPN client, and click on connect. A Turing window should appear. A One Time Code can be obtained for authentication.
Check the PINsafe logs for Turing images and RADIUS requests.
No RADIUS connections seen
Check the ports: Cisco uses 1645/1646 by default, while Swivel uses 1812/1813 by default.
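An added example (not Swivel or Cisco code) for the port check above and the passwordOTC format described earlier: it builds an RFC 2865 Access-Request and tries both default authentication ports. It assumes PAP and that the machine running it is defined as a NAS on the Swivel server; the host, shared secret, user, credentials and NAS-Identifier are placeholders.

```python
import hashlib, os, socket, struct

ACCESS_REQUEST = 1                                    # RFC 2865 packet code
USER_NAME, USER_PASSWORD, NAS_IDENTIFIER = 1, 2, 32   # RFC 2865 attribute types
REPLY = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def hide_password(cleartext, secret, authenticator):
    """User-Password hiding from RFC 2865 section 5.2 (PAP)."""
    if len(cleartext) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    size = max(16, -(-len(cleartext) // 16) * 16)     # pad to a multiple of 16
    padded = cleartext.ljust(size, b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        hidden += prev                                # each block keys the next
    return hidden

def build_access_request(user, password, otc, secret, ident=1, authenticator=None):
    """Access-Request whose User-Password is the password followed by the OTC."""
    authenticator = authenticator or os.urandom(16)
    credential = (password + otc).encode()            # "passwordOTC" order
    attrs = b""
    for kind, value in ((USER_NAME, user.encode()),
                        (USER_PASSWORD, hide_password(credential, secret, authenticator)),
                        (NAS_IDENTIFIER, b"radius-port-check")):  # constructed value
        attrs += struct.pack("!BB", kind, len(value) + 2) + value
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def probe(host, port, packet, timeout=3.0):
    """Send one request; return the reply name, or None if nothing came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (host, port))
            reply, _ = sock.recvfrom(4096)
        except OSError:                   # timeout, ICMP unreachable, DNS failure
            return None
    return REPLY.get(reply[0], f"code {reply[0]}") if reply else None

if __name__ == "__main__":
    HOST, SECRET = "swivel.example.com", b"shared-secret"   # placeholders
    pkt = build_access_request("testuser", "ADpassword", "1234", SECRET)
    for port in (1812, 1645):             # Swivel default, then Cisco default
        print(port, probe(HOST, port, pkt) or "no reply")
```

A reply of any kind on one port and none on the other identifies which port the VPN device must be set to; the request should also appear in the PINsafe logs.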
Cisco continues to use AD/other password instead of Swivel OTC
Remove the Swivel RADIUS servers, apply the configuration, then re-enter them. Apply the configuration again and test to ensure RADIUS requests are seen in the Swivel logs.
Additional Information
For assistance with the PINsafe installation and configuration, please first contact your reseller and then email Swivel Secure support at support@swivelsecure.com.