Cisco ACS, single-login and RSA SecurID

Unanswered Question

we need to deploy the following

1. both internet IPsec VPN and SSL VPN will run from a Cisco ASA5510

2. Users use the same credential as their office Windows AD Domain, aka single-login

3. RSA server has been installed to provide two-factor authentication. User will have a RSA SecurID token and enter token number upon login of VPN


1. do we need a Cisco ACS?

2. if ACS is optional, what is the benefit of ACS?

3. does ASA firewall talk to RSA or ACS will communicate with RSA?

I guess I need to understand all the necessary components and data flows the high level


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
cisco24x7 Mon, 12/22/2008 - 05:21
User Badges:
  • Silver, 250 points or more

1- No. You can use the radius function on the

RSA Server itself. However, the radius

function in the RSA Server is very limited,

unless, you use the RSA server appliance with

has Juniper/Steelbelt radius, then it will have

everything you need. The alternative is

to use Microsoft IAS with RSA server.

2- ACS provides much more than what you


3- Firewall communicates with ACS or it can

communicate with RSA if Radius is running

on the RSA Server.


This Discussion