Cisco routers Integration with RSA token

jeansamarani
Level 1

Hi All,

Can anyone provide me with a link or documentation on how to integrate Cisco routers with RSA tokens?

Thanks for the help.

Jean

7 Replies

Richard Burts
Hall of Fame

Jean

If you are looking for a way to have IOS routers authenticate directly with an RSA token server, I do not believe that this is supported. You should be able to get authentication on the router using RSA tokens by configuring aaa authentication on the router to go to an authentication server (perhaps ACS) which would use RSA as an external authentication service.

HTH

Rick


Hi Rick,

Do you mean that I will still be able to use the token in the scenario that you have mentioned even if I am not authenticating directly with an RSA token server? Is there any link that describes and explains how to configure it?

Thanks

Jean

Yes you can use the RSA tokens to authenticate on the IOS router. But the authentication communication is not directly from the router to the RSA server. The router should use Radius to an authentication server like ACS, and the authentication server is acting as the RSA client.

This link discusses how to set it up on ACS:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007dec4.html#4160

HTH

Rick


Rick,

The link that you have provided seems pretty good, but what about the configuration on the router? The document doesn't mention anything.

Can you please help?

Thanks

Jean

The router would be a straightforward configuration of authentication using Radius. It might look something like this:

aaa authentication login default group radius line

aaa authentication enable default group radius enable

and configure the radius server something like this:

radius-server host

key

HTH

Rick


Just set up your router to use the CiscoSecure ACS server as your radius server. One uses the standard commands on the router - e.g.:

"The following example shows how to configure the router to authorize using RADIUS:

aaa new-model

aaa authorization exec default group radius if-authenticated

aaa authorization network default group radius

radius-server host ip

radius-server key "

(from the Cisco IOS Security Configuration Guide - http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_authorizatn_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1001170 )

The router (or switch) only knows that it's using external authentication (your ACS server). It's the credentials you present at login time that the ACS server uses in passing your user-provided tokencode to the RSA server. The router is just passing your credentials along and waiting for access authorization to be returned from the ACS server.

Hope this helps. Please rate helpful posts.

OK, thanks for the information. I think I now have enough information to start with.
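
A small check of the router-side settings suggested in the replies above, added here as an example (not code from the thread or from Cisco): it reads a running-config excerpt in the legacy radius-server syntax the replies use and reports a missing aaa new-model, RADIUS host or shared key, and login or enable method lists that do not try RADIUS first or have no fallback method. The function name, sample address and key are constructed for illustration.

```python
import re

# Constructed sample running-config excerpt in the legacy "radius-server" syntax
# used in the replies; the address and key are placeholders, not from the thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group radius line
aaa authentication enable default group radius enable
aaa authorization exec default group radius if-authenticated
radius-server host 192.0.2.10
radius-server key EXAMPLE-SHARED-SECRET
"""


def audit_radius_aaa(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = [s.strip() for s in config.splitlines()]
    lines = [s for s in lines if s and not s.startswith("!")]
    findings = []

    # aaa method lists require "aaa new-model" to be enabled first.
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is missing")

    # Each RADIUS host needs a shared key, inline or via the global command.
    hosts = [s for s in lines if s.startswith("radius-server host ")]
    global_key = any(s.startswith("radius-server key ") for s in lines)
    if not hosts:
        findings.append("no radius-server host is defined")
    for host in hosts:
        if not global_key and not re.search(r"\skey \S", host):
            findings.append("no shared key for '%s'" % host)

    # Login and enable lists should try RADIUS first and keep a fallback method.
    for kind in ("login", "enable"):
        prefix = "aaa authentication %s " % kind
        lists = [s.split()[3:] for s in lines if s.startswith(prefix)]
        if not lists:
            findings.append("no aaa authentication %s list" % kind)
        for name, *methods in lists:
            if methods[:2] != ["group", "radius"]:
                findings.append("%s list '%s' does not try RADIUS first" % (kind, name))
            elif len(methods) == 2:
                findings.append("%s list '%s' has no fallback method" % (kind, name))
    return findings

if __name__ == "__main__":
    for finding in audit_radius_aaa(SAMPLE_CONFIG) or ["all checks passed"]:
        print(finding)
```

The fallback check matters because a list that names only group radius leaves no way to log in when the RADIUS server does not respond; the replies' examples keep line and enable as fallbacks.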
