Setting up 2 factor authentication to a PIX?

Unanswered Question
vayusa1234 Fri, 06/02/2006 - 13:06

We are running across the same thing here. My question is: what TACACS+ or TACACS server supports two-factor authentication?

According to this article, "The Power Behind RSA SecurID® Two-factor User Authentication: RSA ACE/Server", page 4 of 11, it seems that TACACS+ supports server sessions.


http://www.opsec.com/solutions/partners/downloads/rsa_securid_whitepaper.pdf


"Most leading remote access server, firewall, VPN and router products have built-in RSA ACE/Agents for compatibility with RSA SecurID two-factor authentication. In addition, both TACACS+ and RADIUS authentication support RSA ACE/Server sessions."



Anyway, in general, what is the best way to set up two-factor authentication on a PIX?




Fernando_Meza Sat, 06/03/2006 - 02:49

Hi, the best two-factor authentication that I have come across is always RSA SecurID. Basically, you configure the AAA options in your PIX as a RADIUS client, while the RSA ACE is the RADIUS server.


This is a quick example that I have set up in the past using an ASA.


I hope it helps .. please rate it if it does !!!


aaa-server RADIUS_SERVERS protocol radius
aaa-server RADIUS_SERVERS host RSA_SERVER
 timeout 5
 key ********

tunnel-group GT_VPN_RSA type ipsec-ra
tunnel-group GT_VPN_RSA general-attributes
 address-pool VPN_rsa_pool
 authentication-server-group RADIUS_SERVERS
tunnel-group GT_VPN_RSA ipsec-attributes
 pre-shared-key *


For configuring this on a PIX running 6.XX, you can check the command reference under the aaa-server and vpngroup commands:


http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_book09186a008017284e.html


I hope it helps ... please rate it if it does !!!
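An added example, not part of the original thread and not Cisco tooling: a Python check over a saved ASA configuration that confirms every ipsec-ra tunnel-group names a RADIUS aaa-server group with a host defined. A tunnel-group with no authentication-server-group uses the ASA's LOCAL user database, so it is reported. The function name, the LEGACY_VPN group and the finding strings are assumptions made for illustration.

```python
# Constructed sample: the configuration from the answer plus LEGACY_VPN, a
# hypothetical tunnel-group that never names an authentication server group.
SAMPLE_CONFIG = """\
aaa-server RADIUS_SERVERS protocol radius
aaa-server RADIUS_SERVERS host RSA_SERVER
 timeout 5
 key ********
tunnel-group GT_VPN_RSA type ipsec-ra
tunnel-group GT_VPN_RSA general-attributes
 address-pool VPN_rsa_pool
 authentication-server-group RADIUS_SERVERS
tunnel-group GT_VPN_RSA ipsec-attributes
 pre-shared-key *
tunnel-group LEGACY_VPN type ipsec-ra
"""

def audit_tunnel_groups(config):
    """Map each ipsec-ra tunnel-group to a list of findings (empty = OK)."""
    radius_groups, hosts, auth, ra_groups = set(), set(), {}, []
    current = None  # tunnel-group whose general-attributes block we are in
    for line in config.splitlines():
        words = line.split()
        if not words or words[0].startswith("!"):
            continue
        if not line[0].isspace():  # top-level command ends any sub-mode
            current = None
            if words[0] == "aaa-server" and words[2:4] == ["protocol", "radius"]:
                radius_groups.add(words[1])
            elif words[0] == "aaa-server" and "host" in words[2:]:
                hosts.add(words[1])
            elif words[0] == "tunnel-group" and words[2:4] == ["type", "ipsec-ra"]:
                ra_groups.append(words[1])
            elif words[0] == "tunnel-group" and words[2:3] == ["general-attributes"]:
                current = words[1]
        elif current and words[0] == "authentication-server-group":
            auth[current] = [w for w in words[1:] if not w.startswith("(")]
    report = {}
    for tg in ra_groups:
        names, findings = auth.get(tg, []), []
        if not names or names[0] == "LOCAL":
            findings.append("authenticates against LOCAL only")
        elif names[0] not in radius_groups & hosts:
            findings.append(f"{names[0]} is not a RADIUS group with a host")
        if "LOCAL" in names[1:]:
            findings.append("falls back to LOCAL if the servers are unreachable")
        report[tg] = findings
    return report

if __name__ == "__main__":
    print(audit_tunnel_groups(SAMPLE_CONFIG))
```
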






