ACS 4.2 integration with RSA appliance

Apr 8th, 2010

I am trying to integrate our ACS server with a RSA 130 appliance.  I have the appliance on the wire and tokens imported and a user assigned.  I have also installed the RSA security Console on the ACS server.  When I attempt to do the authentication test it fails.  The error I get from the RSA server is that the Authentication Mode fails.

User “TestRSAVPN” attempted to authenticate using  authenticator “SecurID_Native”. The user belongs to security domain  “CSIEmployees”.

The authentication policy is set for SecurID_Native for this user.  I also can't purge the node secret for it is grayed out.  When I attempt to VPN with a token I never see the ACS try to connect to the RSA server and we get a failed:

04/08/2010 15:15:07 Authen failed TestRSAVPN CSINetops External DB password invalid.

I have attempted to follow all the guides but I am lost on what I am doing incorrectly.



joeharb Fri, 04/09/2010 - 11:29

Ok, I am now a little further.  I have got the Test Authentication to work and now I have a node secret between the ACS and the RSA server.  Now when I attempt to VPN in I never see any traffic from the ACS server to the RSA server.  I don't see anything in the Monitoring tool for the RSA and I simply receive an External DB password invalid.  I have a sniffer attached and I don't ever see the ACS attempt to connect to the RSA.  The user I am testing with is set up to use the RSA Secure Token Server.  I have contacted RSA but now they are saying it is an ACS issue.

Anyone have any suggestions?



joeharb Wed, 04/28/2010 - 06:19

Ok, I haven't gotten any feedback on this. I am able to now authenticate via the RSA SecurID appliance.  I have added a Replica to the environment for RSA.  I have generated a new sdconf.rec file and copied it to the ACS server c:\windows\system32 folder.  I rebooted the ACS but I still don't see the replica in the RSA Authentication Agent.  Does anyone know how I can update the ACS to where it will attempt to send to the replica once the primary is down?



