I am trying to integrate our ACS server with an RSA 130 appliance. I have the appliance on the wire and tokens imported and a user assigned. I have also installed the RSA security Console on the ACS server. When I attempt to do the authentication test it fails. The error I get from the RSA server is that the Authentication Mode fails.
User “TestRSAVPN” attempted to authenticate using authenticator “SecurID_Native”. The user belongs to security domain “CSIEmployees”.
The authentication policy is set for SecurID_Native for this user. I also can't purge the node secret for it is grayed out. When I attempt to VPN with a token I never see the ACS try to connect to the RSA server and we get a failed:
Ok, I am now a little further. I have got the Test Authentication to work and now I have a node secret between the ACS and the RSA server. Now when I attempt to VPN in I never see any traffic from the ACS server to the RSA server. I don't see anything in the Monitoring tool for the RSA and I simply receive an External DB password invalid. I have a sniffer attached and I don't ever see the ACS attempt to connect to the RSA. The user I am testing with is set up to use the RSA Secure Token Server. I have contacted RSA but now they are saying it is an ACS issue.
Ok, I haven't gotten any feedback on this. I am able to now authenticate via the RSA SecurID appliance. I have added a Replica to the environment for RSA. I have generated a new sdconf.rec file and copied it to the ACS server c:\windows\system32 folder. I rebooted the ACS but I still don't see the replica in the RSA Authentication Agent. Does anyone know how I can update the ACS to where it will attempt to send to the replica once the primary is down?