SDI or Radius ?

rmishra22 · ‎02-02-2007

Hi,

There are couple of cisco 3030 vpn servers in our network. Users use soft token to auth to these servers. Servers are running version 4.7.2D. I am not sure why but the SDI servers are actualy configured to talk to cisco boxes via Radius protocol. I am not sure why would someone will setup SDI on Cisco like this, but its been working for a while. I am having issue where soft tokens are getting corrupt and I am not sure if this is one of the resons or not!!.

Can someone provide some insight on :-

a) RSA Servers configured via Radius ?? Why would we do this?

b) Any ideas to troubleshoot soft token corruption.

Many Thanks

Richard Burts · ‎02-03-2007

Rajiv

There might be some reasons why the 3030s were set up to authenticate via Radius using RSA soft tokens. Are there other Cisco devices in the network that authenticate via soft token? In IOS and in Catalyst there is not support for direct communication with RSA so if you want to authenticate via soft token it must be configured to authenticate with TACACS or Radius and the TACACS or Radius server must send the authentication request to RSA. If there are other Cisco devices authenticating for soft token then perhaps the 3030s were set up that way for consistency.

I doubt that authenticating with Radius is causing soft tokens to become corrupted.

HTH

Rick

HTH

Rick

rmishra22 · ‎02-04-2007

Hi Rick,

Thank you for clarifing this, Though I dont have much experience with doing SDI with radius on VPN3K's, do you suggest changing them in regular SDI auth instead of having a radius interface?

Thats all!

HTH

Jj

darpotter · ‎02-05-2007

Not sure if you're VPNs are doing RADIUS direct to the RSA server, or via a AAA server.

The latter makes sense because you might want/need more than just authentication. The AAA server can do authorisation as well.

Darran