ACS integration with two different external RSA database

Unanswered Question
Aug 3rd, 2009
User Badges:

Hi All,

I need a help in the following scenario:

we have ACS server in place and also a RSA server integrated with it to be used as Token authentication. Now we are planning a new RAS box which should also get integrated with the current ACS box. Can anybody has a clue or a datasheet which says that a single ACS box can support two external RSA database.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
darpotter Wed, 08/05/2009 - 01:45
User Badges:
  • Silver, 250 points or more


There's a few issues here.

1) Not sure if the native RSA external authenticator supports multiple instances - you've have to try it in ACS. Even then does the sd_conf config file tie you to a single RSA server?

2) Optionally if you have the RSA radius servers running you could create 2 external radius authenticators in ACS and do it that way.

3) You'd need to manually assign ACS users to one or other RSA instance. Because of how long an RSA authentication can take (possibly with multiple challenge/responses - think new pin) ACS would find it hard to do "unknown user authentication" if it had to back out of one authentication before trying another.

No to mention how long the client might wait for this to complete.

Its a suck and see situation. It might work, or it might not. Good luck!


This Discussion