Remote Access VPN integration with RSA token

alexdelangel
Level 1

Hello friends,

I currently have an ASA 5520 9.0 concentrating remote access VPN, authenticated through an ACS RADIUS server. I also have an ACS TACACS+ server for authenticating access to the network devices (routers, switches, etc.). My IT Manager asked me to integrate a second level of authentication through RSA tokens. Questions:

How does it work?

Can I use my ACS TACACS+ as a redundancy method for authenticating VPNs in case my RADIUS server goes down?

Can I use my ACS RADIUS server as a redundancy method for authenticating management access to my network devices in case my TACACS+ server goes down?

Also, can the RSA token be used to authenticate access for managing the network devices?

Any comments will be appreciated.

Regards!

Accepted Solutions

edwardcollins7
Level 1

RSA has a built-in RADIUS server, and in itself it can serve as two-factor.

Using the RSA token server is in itself two-factor, as you use a PIN and passcode.

Using TACACS+ for VPN is not feasible.

Check with your RSA admin for integration steps.

What you can do is integrate the ASA with RSA directly and integrate ACS with RSA as well.

That way you have redundancy to the RSA server.

http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/117038-config-securid-00.html

http://www.cisco.com/c/en/us/support/docs/security-vpn/secureid-sdi/116304-technote-rsa-00.html

Rate if Useful :)

Sharing knowledge makes you Immortal.

Regards,

Ed
