cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
752
Views
4
Helpful
1
Replies

ASA -> ACS -> RSA Token Server - qustion?

faxfan2002
Level 1
Level 1

Hi,

I'm proposing to allow VPN access via DSL to a ASA box which then backs of to a ACS box which in turn backs of to a RSA server. The question is about the RSA, I'm guessing I just require the RSA ACE server and associated key fobs?

Which client could / should be used the RSA or Cisco one?

Anyone have any practical experience of this configuration?

Many thanks,

Robin

1 Reply 1

daviddtran
Level 1
Level 1

yes, I have done this many times with both Checkpoint and Pix firewall for Remote access VPN. I used Cisco ACS 3.2 and pix use Radius

authentication to the ACS 3.2. Then the ACS will proxy off that radius request to the RSA

SecurID server.

You need the following:

1) in the ACS Server, make sure you install

the RSA agent and configure it properly.

2) Create external users database for certain

group/users. When user is unknown, forward

it to the RSA SecurID server.

3) on the RSA SecurID, make sure you create

the ACS server as an agent. you need to create a sdconf.rec file and place it in the

ACS server.

The ACS server SecurID agent has a tool for you to verify the connectivity.

The setup is actually very simple.

David

CCIE Security

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: