06-21-2014 08:48 PM - edited 03-10-2019 09:49 PM
Hello friends,
I currently have an ASA 5520 9.0 concentrating remote access VPN authenticated through an ACS RADIUS server. I also have an ACS TACACS+ server for authenticating access to the network devices (routers, switches, etc.). My IT Manager asked me to integrate a second level of authentication through RSA tokens. Questions:
How does it work?
Can I use my ACS TACACS+ as a redundancy method for authenticating VPNs in case my RADIUS server goes down?
Can I use my ACS RADIUS server as a redundancy method for authenticating management access to my network devices in case my TACACS+ server goes down?
Also, can the RSA token be used to authenticate access for managing the network devices?
Any comments will be appreciated.
Regards!
06-23-2014 04:07 AM
RSA has a built-in RADIUS server, and in itself it can serve as two-factor.
Using the RSA token server in itself is two-factor, as you use a PIN and passcode.
Using TACACS+ for VPN is not feasible.
Check with your RSA admin for integration steps.
What you can do is integrate the ASA with RSA directly and integrate ACS with RSA as well.
That way you have redundancy to the RSA server.
http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/117038-config-securid-00.html
http://www.cisco.com/c/en/us/support/docs/security-vpn/secureid-sdi/116304-technote-rsa-00.html
Rate if Useful :)
Sharing knowledge makes you Immortal.
Regards,
Ed