Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

ACS integration with two different external RSA database

Hi All,

I need a help in the following scenario:

we have ACS server in place and also a RSA server integrated with it to be used as Token authentication. Now we are planning a new RAS box which should also get integrated with the current ACS box. Can anybody has a clue or a datasheet which says that a single ACS box can support two external RSA database.

1 REPLY
Silver

Re: ACS integration with two different external RSA database

Dominic

There's a few issues here.

1) Not sure if the native RSA external authenticator supports multiple instances - you've have to try it in ACS. Even then does the sd_conf config file tie you to a single RSA server?

2) Optionally if you have the RSA radius servers running you could create 2 external radius authenticators in ACS and do it that way.

3) You'd need to manually assign ACS users to one or other RSA instance. Because of how long an RSA authentication can take (possibly with multiple challenge/responses - think new pin) ACS would find it hard to do "unknown user authentication" if it had to back out of one authentication before trying another.

No to mention how long the client might wait for this to complete.

Its a suck and see situation. It might work, or it might not. Good luck!

145
Views
0
Helpful
1
Replies
CreatePlease to create content