Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

RSA SecureID ONLY suported via CiscoSecure ACS?

I have an Ascend NavisRadius server that authenticates SOME users using "ordinary" password and SOME using SecurID tokens.

I've configured a Cisco 2600 to provide another access point to our network.

Radius authentications works perfectly for "ordinary" passwords but fails if SecurID authentication is requested (Password="ACE" on user record).

Debugging radius, I see Radius and Ace server exchange user and token details, but a "password incorrect" message is always (or almost..) returned by Ace machine.

The same user is authenticated correctly if the access with the token is done via the Ascend NAS.

Since Radius and Ace servers pass each other the SAME USER RECORD when both Cisco and Ascend routers request authentication, there must be some parameter to be specified at Radius-server or AAA level in the 2600 that makes work the record exchange.

Useless to say, I've tried a lot of parameters and attributes combinations and I've read the article in http://www.cisco.com/en/US/customer/partners/pr46/pr13/partners_pgm_white_paper09186a00800b0e8c.shtml

Any suggestion?

Thanks in advance,

Piero.

P.S. In a previous post i've read that RSA SecureID is suported via CiscoSecure ACS. Is it the ONLY CHOICE?

1 REPLY
New Member

Re: RSA SecureID ONLY suported via CiscoSecure ACS?

Solved!

I had to install new image c2600-c-mz.123-3.bin (previous was c2600-is-mz.122-11.T2.bin), so CiscoSecure is not the only ACS to support RSA SecurID tokens

121
Views
0
Helpful
1
Replies
CreatePlease login to create content