Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
631
Views
0
Helpful
3
Replies

PIX-535 RSA Secure ID config question

swoodyard
Level 1
Level 1

‎05-19-2008 06:40 AM - edited ‎03-11-2019 05:46 AM

I am trying to configure my PIX-535 to prompt for RSA Secure ID authentication.

So when somebody tries to get to a paticular website, the PIX-535 will put up a Secure ID page and forward the response to our RSA Secure ID server.

Any help?

Labels:
0 Helpful
3 Replies 3

smahbub
Level 6
Level 6

‎05-23-2008 07:01 AM

RSA SecurID: Provides strong, two-factor authentication using tokens in conjunction with the RSA ACE/Server.RSA Keys-RSA is the public key cryptographic system developed by Ron Rivest, Adi Shamir, and Leonard Adleman. RSA keys come in pairs: one public key and one private key.

0 Helpful

andrew.prince
Level 10
Level 10
In response to smahbub

‎05-23-2008 07:32 AM

Sean,

I am not sure how you would do it for RSA - but to authenticate a HTTP/HTTPS request from inside out:-

access-list HTTP_authentication line 1 extended permit tcp x.x.x.x y.y.y.y 0.0.0.0 0.0.0.0 eq http

aaa authentication match HTTP_authentication Lan-2-Lan LOCAL(for local uid/pwd in the ASA) or you could have a set of authentication servers that you would name here.

The issue I see with trying RSA - is how the browser would send the information back to the ASA and then forward onto the securID server.

I do know that you can use "Challenge/Response Authentication - CRACK" for remote VPN connections, don't think you can use this for http auth.

HTH.

0 Helpful

cisco24x7
Level 6
Level 6
In response to andrew.prince

‎05-23-2008 10:44 AM

here is a typical scenario:

1- Install Cisco ACS on a server,

2- Install RSA SecurID on another Server,

3- create an agent host on the RSA SecurID Server for tthe Cisco ACS server. Generate

the sdconf.rec file for the Cisco ACS server,

4- copy the sdconf.rec file over to the Cisco

ACS server in the C:\Windows\System32 directory,

5- Install RSA Agent software on the Cisco

ACS server,

6- create account on the RSA SecurID Server,

7- setup Cisco ACS to forward authentication

request to RSA SecurID server,

8- setup the ASA like what Andrew described,

9- now from the client machine, do http://www.cisco.com. You will get prompted

for authentication,

That's pretty much it.

Preview file
22 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card