Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

RSA Securid and FWSM

Hi,

I have a FWSM blade in a 6506 chassis. I am testing the feasability of being able to have users connect through the firewall and authenticate with an RSA ACE (Auth Manager v6.1 for WIN). I spoke to RSA and the only feedback I received was "the FWSM is not supported by the RSA ACE". It also says this in the FWSM data sheet about SDI. Before I do a lot of setting up and testing is there any way I could get this hardware to work by having the Cisco ACS in between, as the Cisco ACS is supported by the RSA ACE. Note: these are all LAN users, no dial-in, no VPN users.

LAN User A Securid  <>  FWSM  <Tacacs+ or Radius>  Cisco ACS  <SDI>  RSA ACE (AM v6.1)

I found this ACS/RSA doc on the Cisco web site from 2006.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080094650.shtml

Link to FWSM AAA support:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/aaa_f.html

Any info would be much appreciated.

Regards

Ken

FWSM AAA.jpg

1 REPLY

Re: RSA Securid and FWSM

Ken,

Yes integrating an ACS do to the front end radius or tacacs authentication is supported if you want authentication to be handled by an RSA or some other external Radius server on the backend.

Here is the latest documentation for our ACS 5.2 product which is now supported in vmware, you can always install the software on a virtual machine and run our 90 day evaluation license if you are trying to use this as a proof of concept or want to get more familiar with the product.

This link on managing and external id store can be found here: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/users_id_stores.html#wp1053043

You can also use AD or ldap for attribute retreval in order to assign different policies for different levels of admins.

Let me know if you need help with anything else.

Thanks,

Tarik Admani

Tarik Admani *Please rate helpful posts*
705
Views
0
Helpful
1
Replies