05-19-2008 06:40 AM - edited 03-11-2019 05:46 AM
I am trying to configure my PIX-535 to prompt for RSA Secure ID authentication.
So when somebody tries to get to a particular website, the PIX-535 will put up a Secure ID page and forward the response to our RSA Secure ID server.
Any help?
05-23-2008 07:01 AM
RSA SecurID: Provides strong, two-factor authentication using tokens in conjunction with the RSA ACE/Server.
RSA Keys: RSA is the public key cryptographic system developed by Ron Rivest, Adi Shamir, and Leonard Adleman. RSA keys come in pairs: one public key and one private key.
05-23-2008 07:32 AM
Sean,
I am not sure how you would do it for RSA - but to authenticate an HTTP/HTTPS request from inside out:-
access-list HTTP_authentication line 1 extended permit tcp x.x.x.x y.y.y.y 0.0.0.0 0.0.0.0 eq http
aaa authentication match HTTP_authentication Lan-2-Lan LOCAL
(LOCAL for local uid/pwd in the ASA), or you could have a set of authentication servers that you would name here.
The issue I see with trying RSA - is how the browser would send the information back to the ASA and then forward on to the SecurID server.
I do know that you can use "Challenge/Response Authentication - CRACK" for remote VPN connections, but I don't think you can use this for HTTP auth.
HTH.
05-23-2008 10:44 AM
Here is a typical scenario:
1- Install Cisco ACS on a server,
2- Install RSA SecurID on another server,
3- Create an agent host on the RSA SecurID server for the Cisco ACS server. Generate the sdconf.rec file for the Cisco ACS server,
4- Copy the sdconf.rec file over to the Cisco ACS server in the C:\Windows\System32 directory,
5- Install RSA Agent software on the Cisco ACS server,
6- Create an account on the RSA SecurID server,
7- Set up Cisco ACS to forward authentication requests to the RSA SecurID server,
8- Set up the ASA like what Andrew described,
9- Now from the client machine, do http://www.cisco.com. You will get prompted for authentication.
That's pretty much it.
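How steps 7 and 8 fit together on the firewall side, as an added example that is not part of the original posts. It assumes PIX/ASA 7.x or later syntax and RADIUS between the firewall and ACS; the group name ACS_RSA, the interface name inside, the addresses and the shared secret are placeholders.

```text
! Added example; names, addresses and the key are placeholders, not from the thread.
! Assumes PIX/ASA 7.x or later syntax and RADIUS between the firewall and ACS.

! Server group pointing at the Cisco ACS box (which relays to RSA SecurID)
aaa-server ACS_RSA protocol radius
aaa-server ACS_RSA (inside) host 192.0.2.10
 key <shared-secret-configured-in-ACS>

! Traffic that must authenticate first: inside clients going out on HTTP
access-list HTTP_authentication extended permit tcp 10.1.1.0 255.255.255.0 any eq www

! Same match statement as in the reply above, naming the ACS group instead of LOCAL
aaa authentication match HTTP_authentication inside ACS_RSA

! Carry the username/passcode exchange with the firewall over SSL
! instead of clear-text HTTP
aaa authentication secure-http-client

! How long an authenticated source IP stays cached before the user is
! prompted again (0:05:00 absolute is the default)
timeout uauth 0:05:00 absolute
```

ACS must also list the firewall as an AAA client with the same shared secret, otherwise the RADIUS requests are dropped before they reach SecurID.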