Cisco Support Community

New Member

Integration with RSA Token


I would like to know if it's possible and supported to have authentication to a router using double authentication using a token (PIN Code + Password). The attached document doesn't describe this enough.

I am being told that RSA supports only the VPN access.

Please advise.

Thanks in advance.


Hall of Fame Super Silver

Re: Integration with RSA Token


It is possible to authenticate user access on a Cisco IOS router using RSA tokens to authenticate. I have done this numerous times and it works. But the IOS router does not communicate directly with the RSA authentication server (it does not use the RSA mode natively). The IOS router would communicate with a RADIUS server (using the RADIUS set of protocols) and the RADIUS server would pass the authentication request to RSA for processing.

Some Cisco VPN devices (the C3000 series VPN concentrator and the ASA5500 series) do have the ability to communicate directly with RSA (in native mode). But the Cisco IOS router does not do this. It might be helpful to realize that in configuring authentication on the Cisco IOS router the alternatives supported are TACACS, RADIUS, and local resources.

So if your objective is to authenticate users on Cisco IOS routers using RSA tokens then it does work (and could be for remote access like telnet and SSH or could be for VPN remote access). But if your objective is to have the router communicate directly with RSA for authentication then it does not work.



New Member

Re: Integration with RSA Token


Thanks for the clarification. Is there any documentation on Cisco that can be helpful?



Hall of Fame Super Silver

Re: Integration with RSA Token

Cisco's TACACS+/RADIUS server is the Cisco Secure Access Control Server (ACS) product. It is available as an appliance or as a software product. Version 4.2 is the latest version. Here is a link to the User Guide:

and the data sheet:

As mentioned earlier, integration with an RSA SecurID token-based authentication method is via the TACACS+/RADIUS server as the authentication broker. Your routers and switches are set for external authentication to the ACS server. The ACS server, in turn, looks to the RSA server for one-time password verification. See the deployment guide at:

for more information.
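
A minimal router-side configuration for the arrangement described in this thread (router to RADIUS server, RADIUS server to RSA), added here as an illustration and not taken from any of the posts or from Cisco's documentation. The server address, port numbers, list name `VTY-AUTH`, account name, `Loopback0` and both secrets are assumed placeholders; the RADIUS-to-RSA side is configured on the RADIUS server and is not shown.

```cisco
! Constructed example: addresses, names and secrets are placeholders.
aaa new-model
!
! Local break-glass account. With the method list below it is consulted
! only when no RADIUS server responds, never after a RADIUS reject.
username breakglass privilege 15 secret <LOCAL-FALLBACK-SECRET>
!
! The RADIUS server that brokers the request to RSA.
! Ports and shared secret must match the server's entry for this router.
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key <RADIUS-SHARED-SECRET>
!
! Allow time for the RADIUS server to complete its own lookup against RSA.
radius-server timeout 10
!
! Send requests from a stable address so the server recognizes this client.
ip radius source-interface Loopback0
!
! Try RADIUS first, then the local database if the server is unreachable.
aaa authentication login VTY-AUTH group radius local
!
! Apply the list to remote logins and allow SSH only.
line vty 0 4
 login authentication VTY-AUTH
 transport input ssh
```

Keep an existing privileged session open while applying this, and confirm a token login works from a second session before closing the first.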
