
Integration with RSA Token

jeansamarani
Level 1

Hi,

I would like to know if it's possible and supported to have authentication to a router using double authentication using a token (PIN code + password). The attached document doesn't describe this well enough.

I am being told that RSA supports only the VPN access.

Please advise.

Thanks in advance.

Jean

3 Replies

Richard Burts
Hall of Fame

Jean

It is possible to authenticate user access on a Cisco IOS router using RSA tokens to authenticate. I have done this numerous times and it works. But the IOS router does not communicate directly with the RSA authentication server (it does not use the RSA mode natively). The IOS router would communicate with a Radius server (using the Radius set of protocols) and the Radius server would pass the authentication request to RSA for processing.

Some Cisco VPN devices (the C3000 series VPN concentrator and the ASA5500 series) do have the ability to communicate directly with RSA (in native mode). But the Cisco IOS router does not do this. It might be helpful to realize that in configuring authentication on the Cisco IOS router that the alternatives supported are TACACS, Radius, and local resources.

So if your objective is to authenticate users on Cisco IOS routers using RSA tokens then it does work (and could be for remote access like telnet and SSH or could be for VPN remote access). But if your objective is to have the router communicate directly with RSA for authentication then it does not work.

HTH

Rick


Rick,

Thanks for the clarification. Is there any documentation on Cisco that can be helpful?

Regards,

Jean

Cisco's TACACS+/RADIUS server is the Cisco Secure Access Control Server (ACS) product. It is available as an appliance or as a software product. Version 4.2 is the latest version. Here is a link to the User Guide:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/ACS4_2UG.html

and the data sheet:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps2086/data_sheet_c78-453387.html

As mentioned earlier, integration with an RSA SecurID token-based authentication method is via the TACACS+/RADIUS server as the authentication broker. Your routers and switches are set for external authentication to the ACS server. The ACS server, in turn, looks to the RSA server for one-time password verification. See the deployment guide at:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps2086/prod_white_paper0900aecd80737943.pdf

for more information.
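
The router side of the arrangement described in the replies above, as an added example that is not part of the original thread or taken from Cisco's documentation: a classic IOS AAA configuration that sends login requests to a RADIUS server, which in turn brokers them to RSA. The server address (192.0.2.10, a documentation range), the shared-secret and password placeholders, the method list name `VTY-RSA` and the account name `breakglass` are all assumptions.

```cisco
! Added example. Address, names and secrets are placeholders, not values
! from the thread.
!
! Enable the AAA subsystem. Nothing below takes effect without it.
aaa new-model
!
! Local break-glass account. The "local" method further down is consulted
! only when the RADIUS server does not respond, not when it rejects a login.
! This account is password-only (no token), so give it a long unique secret
! and audit every use of it.
username breakglass privilege 15 secret <LOCAL-FALLBACK-SECRET>
!
! The RADIUS server (ACS in this thread) that brokers requests to RSA.
! The key must match the client entry for this router on the server.
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key <SHARED-SECRET>
!
! The RADIUS server has to consult RSA before it can answer, so allow more
! time than the default before the router retries or falls back.
radius-server timeout 10
radius-server retransmit 2
!
! Named method list: try RADIUS first, fall back to the local account only
! if the server is unreachable.
aaa authentication login VTY-RSA group radius local
!
! Apply the list to remote access lines and accept SSH only, so the
! PIN + tokencode is not sent in clear text as it would be over telnet.
line vty 0 4
 login authentication VTY-RSA
 transport input ssh
!
! Console access is covered by the default method list, which is not
! defined here. Decide explicitly whether the console should also go
! through RADIUS or stay on a local method.
```

At the router's password prompt the user enters the PIN followed by the current tokencode as one string; the router forwards it unchanged and never talks to RSA itself.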
