02-02-2007 01:33 PM - edited 03-10-2019 02:57 PM
Hi,
There are a couple of Cisco 3030 VPN servers in our network. Users use soft tokens to auth to these servers. The servers are running version 4.7.2D. I am not sure why, but the SDI servers are actually configured to talk to the Cisco boxes via the Radius protocol. I am not sure why someone would set up SDI on Cisco like this, but it's been working for a while. I am having an issue where soft tokens are getting corrupted, and I am not sure if this is one of the reasons or not!
Can someone provide some insight on:
a) RSA servers configured via Radius? Why would we do this?
b) Any ideas to troubleshoot soft token corruption.
Many Thanks
02-03-2007 12:04 PM
Rajiv
There might be some reasons why the 3030s were set up to authenticate via Radius using RSA soft tokens. Are there other Cisco devices in the network that authenticate via soft token? In IOS and in Catalyst there is no support for direct communication with RSA, so if you want to authenticate via soft token it must be configured to authenticate with TACACS or Radius, and the TACACS or Radius server must send the authentication request to RSA. If there are other Cisco devices authenticating via soft token, then perhaps the 3030s were set up that way for consistency.
I doubt that authenticating with Radius is causing soft tokens to become corrupted.
HTH
Rick
02-04-2007 11:43 PM
Hi Rick,
Thank you for clarifying this. Though I don't have much experience with doing SDI with Radius on VPN3Ks, do you suggest changing them to regular SDI auth instead of having a Radius interface?
That's all!
HTH
Jj
02-05-2007 12:41 AM
Not sure if your VPNs are doing RADIUS direct to the RSA server, or via an AAA server.
The latter makes sense because you might want/need more than just authentication. The AAA server can do authorisation as well.
Darran