cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
737
Views
0
Helpful
1
Replies

Cisco ACS, single-login and RSA SecurID

yifan.wang
Level 1
Level 1

we need to deploy the following

1. both internet IPsec VPN and SSL VPN will run from a Cisco ASA5510

2. Users use the same credential as their office Windows AD Domain, aka single-login

3. RSA server has been installed to provide two-factor authentication. User will have a RSA SecurID token and enter token number upon login of VPN

questions:

1. do we need a Cisco ACS?

2. if ACS is optional, what is the benefit of ACS?

3. does ASA firewall talk to RSA or ACS will communicate with RSA?

I guess I need to understand all the necessary components and data flows the high level

thanks

1 Reply 1

cisco24x7
Level 6
Level 6

1- No. You can use the radius function on the

RSA Server itself. However, the radius

function in the RSA Server is very limited,

unless, you use the RSA server appliance with

has Juniper/Steelbelt radius, then it will have

everything you need. The alternative is

to use Microsoft IAS with RSA server.

2- ACS provides much more than what you

required.

3- Firewall communicates with ACS or it can

communicate with RSA if Radius is running

on the RSA Server.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: