The AnyConnect SSL VPN Client has to be 'aware' that the RSA Software Token is installed and it needs to communicate with it via the RSA API. It is possible to authenticate Remote Access VPN Clients using RSA. RSA has an inbuilt RADIUS server (you may need to enable it). So configure aaa server and authentication on the router and set the client authentication to this radius server.
You need the following:
1) in the ACS Server, make sure you install the RSA agent and configure it properly.
2) Create external users database for certain group/users. When user is unknown, forward it to the RSA SecurID server.
3) on the RSA SecurID, make sure you create the ACS server as an agent. you need to create a sdconf.rec file and place it in the ACS server.
The ACS server SecurID agent has a tool for you to verify the connectivity. The setup is actually very simple.
Your comments about what to do on the ACS server may or may not be needed. I have set up Remote Access VPN on the 3000 series concentrator which the original poster is asking about and the concentrator communicated directly with the RSA server (not the Radius server) for authentication.
Also your comments about the AnyConnect client would be appropriate if the original poster were asking about Remote Access VPN on the ASA. But clearly he is asking about the 3030 concentrator and as far as I know the AnyConnect client is not supported on the 3000 series concentrator.
I am not aware of any option that will prompt for both the group password (which I assume is what you mean when you say network password) in addition to prompting for the user password (RSA password).
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :