Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SDI or Radius ?


There are couple of cisco 3030 vpn servers in our network. Users use soft token to auth to these servers. Servers are running version 4.7.2D. I am not sure why but the SDI servers are actualy configured to talk to cisco boxes via Radius protocol. I am not sure why would someone will setup SDI on Cisco like this, but its been working for a while. I am having issue where soft tokens are getting corrupt and I am not sure if this is one of the resons or not!!.

Can someone provide some insight on :-

a) RSA Servers configured via Radius ?? Why would we do this?

b) Any ideas to troubleshoot soft token corruption.

Many Thanks

Hall of Fame Super Silver

Re: SDI or Radius ?


There might be some reasons why the 3030s were set up to authenticate via Radius using RSA soft tokens. Are there other Cisco devices in the network that authenticate via soft token? In IOS and in Catalyst there is not support for direct communication with RSA so if you want to authenticate via soft token it must be configured to authenticate with TACACS or Radius and the TACACS or Radius server must send the authentication request to RSA. If there are other Cisco devices authenticating for soft token then perhaps the 3030s were set up that way for consistency.

I doubt that authenticating with Radius is causing soft tokens to become corrupted.



New Member

Re: SDI or Radius ?

Hi Rick,

Thank you for clarifing this, Though I dont have much experience with doing SDI with radius on VPN3K's, do you suggest changing them in regular SDI auth instead of having a radius interface?

Thats all!




Re: SDI or Radius ?

Not sure if you're VPNs are doing RADIUS direct to the RSA server, or via a AAA server.

The latter makes sense because you might want/need more than just authentication. The AAA server can do authorisation as well.


CreatePlease login to create content