
PIX-535 RSA Secure ID config question

I am trying to configure my PIX-535 to prompt for RSA Secure ID authentication.

So when somebody tries to get to a particular website, the PIX-535 will put up a Secure ID page and forward the response to our RSA Secure ID server.

Any help?

3 REPLIES
Silver

Re: PIX-535 RSA Secure ID config question

RSA SecurID: Provides strong, two-factor authentication using tokens in conjunction with the RSA ACE/Server.

RSA Keys: RSA is the public key cryptographic system developed by Ron Rivest, Adi Shamir, and Leonard Adleman. RSA keys come in pairs: one public key and one private key.

Re: PIX-535 RSA Secure ID config question

Sean,

I am not sure how you would do it for RSA - but to authenticate an HTTP/HTTPS request from inside out:-

access-list HTTP_authentication line 1 extended permit tcp x.x.x.x y.y.y.y 0.0.0.0 0.0.0.0 eq http

aaa authentication match HTTP_authentication Lan-2-Lan LOCAL (for local uid/pwd in the ASA), or you could have a set of authentication servers that you would name here.

The issue I see with trying RSA - is how the browser would send the information back to the ASA and then forward onto the securID server.

I do know that you can use "Challenge/Response Authentication - CRACK" for remote VPN connections, don't think you can use this for http auth.

HTH.

Silver

Re: PIX-535 RSA Secure ID config question

Here is a typical scenario:

1- Install Cisco ACS on a server,

2- Install RSA SecurID on another server,

3- Create an agent host on the RSA SecurID Server for the Cisco ACS server. Generate the sdconf.rec file for the Cisco ACS server,

4- Copy the sdconf.rec file over to the Cisco ACS server in the C:\Windows\System32 directory,

5- Install RSA Agent software on the Cisco ACS server,

6- Create account on the RSA SecurID Server,

7- Set up Cisco ACS to forward authentication requests to the RSA SecurID server,

8- Set up the ASA like what Andrew described,

9- Now from the client machine, do http://www.cisco.com. You will get prompted for authentication.

That's pretty much it.

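The firewall side of step 8 in the last reply, with the authentication rule pointing at the Cisco ACS server over RADIUS instead of LOCAL, as an added example that is not part of the original thread. It assumes PIX/ASA 7.x syntax and that the firewall has been added to ACS as a RADIUS AAA client; the group name ACS-RSA, the interface name inside, the addresses and the key are placeholders.

```cisco
! Constructed example: every name, address and secret below is a placeholder.

! Server group for the Cisco ACS box, which relays passcodes to RSA SecurID
aaa-server ACS-RSA protocol radius
aaa-server ACS-RSA (inside) host 192.0.2.10
 key <shared-secret-configured-on-ACS>
 ! Give ACS time to complete the round trip to the SecurID server
 timeout 10

! Traffic that must authenticate before it is passed: outbound HTTP
! from the inside network
access-list HTTP_authentication extended permit tcp 10.1.1.0 255.255.255.0 any eq www

! Challenge matching connections arriving on the inside interface and
! check the reply against the ACS-RSA group rather than the LOCAL database
aaa authentication match HTTP_authentication inside ACS-RSA

! Text shown in the browser prompt, so users know to enter a token
! passcode and not a static password
auth-prompt prompt Enter your SecurID username and passcode

! Force re-authentication after a fixed interval so a cached session
! does not outlive the one-time passcode indefinitely
timeout uauth 0:30:00 absolute
```

Because the passcode is typed into a plain HTTP challenge, it crosses the inside network in cleartext between browser and firewall; keep the uauth timeout short and restrict the access list to the hosts that actually need it.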