Cisco ASA 5510/RSA SecurID Appliance Integration

pagjsp
Level 1

Using Network Address Translation, we use (1) outside IP address for multiple internal website logins. That is, the first site would be xxx.xxx.xxx:81 and the second might be xxx.xxx.xxx:82, etc.

We're planning on using the Cisco ASA's native RSA authentication to protect (1) of these internal websites, and have successfully configured the AAA Server (the RSA box) in the SDI Server Group. However, when trying to come up with an AAA Server Rule, the Destination won't let me specify both the IP address and port I'd like to protect, only the IP address. So, I can protect everything on that outside IP address, but not the specific internal web server that the user request gets NATed to.

Specific Setup:
Cisco ASA 5510 Adaptive Security Appliance, Software Version 8.2(1)
Device Manager 6.2(1)
RSA SecurID 130 Appliance

Any thoughts on how this might be configured?

Thanks

1 Reply

Herbert Baerten
Cisco Employee

Hi James,

What are the commands you are using?

Something like this should work:

access-list RSA_AUTH extended permit tcp any host xxx.xxx.xxx.xxx eq 81
aaa authentication match RSA_AUTH outside myAAAservergroup

or

access-list RSA_AUTH extended permit tcp any interface outside eq 81
aaa authentication match RSA_AUTH outside myAAAservergroup

hth

Herbert