Cisco Support Community

New Member

Cisco ASA 5510/RSA SecurID Appliance Integration

Using Network Address Translation, we use (1) outside IP address for multiple internal website logins. That is, the first site would be xxx.xxx.xxx:81 and the second might be xxx.xxx.xxx:82 etc.

We're planning on using the Cisco ASA's native RSA authentication to protect (1) of these internal websites, and have successfully configured the AAA Server (the RSA box) in the SDI Server Group. However, when trying to come up with a AAA Server Rule, the Destination won't let me specify both the IP address and port I'd like to protect, only the IP address. So, I can protect everything on that outside IP address, but not the specific internal web server that the user request gets NATed to.

Specific Setup:

Cisco ASA 5510 Adaptive Security Appliance, Software Version 8.2(1)
Device Manager 6.2(1)
RSA SecurID 130 Appliance

Any thoughts on how this might be configured?

Thanks

1 REPLY
Cisco Employee

Re: Cisco ASA 5510/RSA SecurID Appliance Integration

Hi James,

What are the commands you are using?

Something like this should work:

access-list RSA_AUTH extended permit tcp any host xxx.xxx.xxx.xxx eq 81
aaa authentication match RSA_AUTH outside myAAAservergroup

or

access-list RSA_AUTH extended permit tcp any interface outside eq 81
aaa authentication match RSA_AUTH outside myAAAservergroup

hth

Herbert
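
As an added example (not part of the thread and not Cisco tooling): a small Python check that reads ASA configuration text and reports which destination and port each aaa authentication match rule covers, so an ACL that puts authentication on the whole outside address instead of one port stands out. The sample config, the address 192.0.2.10, the ACL names RSA_IF and RSA_WIDE and all function names are constructed for illustration.

```python
import re

# Constructed sample config: 192.0.2.10 stands in for the masked outside address.
SAMPLE = """\
access-list RSA_AUTH extended permit tcp any host 192.0.2.10 eq 81
aaa authentication match RSA_AUTH outside myAAAservergroup
access-list RSA_IF extended permit tcp any interface outside eq 82
aaa authentication match RSA_IF outside myAAAservergroup
access-list RSA_WIDE extended permit tcp any host 192.0.2.10
aaa authentication match RSA_WIDE outside myAAAservergroup
"""

PORT_OPS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}  # operand counts

def _addr(tok, i):
    """Consume one address spec at tok[i]; return (text, next index)."""
    if tok[i] == "any":
        return "any", i + 1
    # 'host A', 'interface NAME', 'object-group G', 'A MASK': two tokens each
    return " ".join(tok[i:i + 2]), i + 2

def _port(tok, i):
    """Consume an optional port operator; return (text or None, next index)."""
    if i < len(tok) and tok[i] in PORT_OPS:
        n = 1 + PORT_OPS[tok[i]]
        return " ".join(tok[i:i + n]), i + n
    return None, i

def parse_ace(line):
    """access-list NAME extended ACTION PROTO SRC [sport] DST [dport]"""
    tok = line.split()
    _, i = _addr(tok, 5)          # source address
    _, i = _port(tok, i)          # optional source port
    dst, i = _addr(tok, i)
    dport, _ = _port(tok, i)
    return {"acl": tok[1], "action": tok[3], "dst": dst, "dport": dport}

def auth_scope(config):
    """List (acl, interface, server group, destination, port) per auth rule."""
    lines = [l.strip() for l in config.splitlines()]
    aces = [parse_ace(l) for l in lines if re.match(r"access-list \S+ extended ", l)]
    out = []
    for l in lines:
        m = re.match(r"aaa authentication match (\S+) (\S+) (\S+)", l)
        if m:
            out += [(m[1], m[2], m[3], a["dst"], a["dport"]) for a in aces
                    if a["acl"] == m[1] and a["action"] == "permit"]
    return out

if __name__ == "__main__":
    for acl, ifc, grp, dst, dport in auth_scope(SAMPLE):
        print(f"{acl} on {ifc} via {grp}: {dst} {dport or 'ALL PORTS'}")
```

A rule reported with no port means every TCP connection to that address is sent through authentication, which is the situation described in the question.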
