Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 4.2 integration with RSA appliance

I am trying to integrate our ACS server with a RSA 130 appliance.  I have the appliance on the wire and tokens imported and a user assigned.  I have also installed the RSA security Console on the ACS server.  When I attempt to do the authentication test it fails.  The error I get from the RSA server is that the Authentication Mode fails.

User “TestRSAVPN” attempted to authenticate using  authenticator “SecurID_Native”. The user belongs to security domain  “CSIEmployees”.

The authentication policy is set for SecurID_Native for this user.  I also can't purge the node secret for it is grayed out.  When I attempt to VPN with a token I never see the ACS try to connect to the RSA server and we get a failed:

04/08/2010 15:15:07 Authen failed TestRSAVPN CSINetops 172.16.11.116 External DB password invalid.

I have attempted to follow all the guides but I am lost on what I am doing incorrectly.

Thanks,

Joe

2 REPLIES
New Member

Re: ACS 4.2 integration with RSA appliance

Ok, I am not a little further.  I have got the Test Authentication to work and now I have a node secret between the ACS and the RSA server.  Now when I attempt to VPN in I never see any traffic from the ACS server to the RSA server.  I don't see anything in the Monitoring tool for the RSA and I simply recieve an External DB password invalid.  I have a sniffer attached and I don't ever see the ACS attempt to connect to the RSA.  The user I am testing with is setup to use the RSA Secure Token Server.  I have contacted RSA but now they are saying it is an ACS issue.

Anyone have any suggestions?

Thanks,

Joe

New Member

Re: ACS 4.2 integration with RSA appliance

Ok, I haven't gotten any feedback on this..I am able to now authenticate via the RSA SecurID appliance.  I have added a Replica to the enviroment for RSA.  I have generated a new sdconf.rec file and copied it to the ACS server c:\windows\system32 folder.  I rebooted the ACS but I still don't see the replica in the RSA Authentication Agent.  Does anyone know how I can update the ACS to where it will attempt to send to the replica once the primary is down?

Thanks,

Joe

1707
Views
0
Helpful
2
Replies
CreatePlease login to create content