I am currently working on this project to migrate our current working RSA Auth Manager server from our Branch to the DC. Since the current RSA server is quite old, i have decided to build a new one with 8.0 Manager. The new server has been configured, and new token has been uploaded to it as well. Now it's time to tight new server with the ASA VPN tunnel. My goal is to tight the new server with the tunnel without disrupting traffic with the old server(I don't know a few settings for the old server usch as radius password;therefore, if i take the risk of delete or make any change, i may not be able to get it to work). I know the commands to type, but my question is since the old server will be at the top, how would i go to send authentication request to the second server on the list, in this case my newly added RSA server?
I also would like to keep the old server running while i am testing 8.0 server. Would like to keep the old server for up to 3 months;therefore, would like to have both servers authenticate clients..
I have infact get the key from the config for the current RSA MA server, but i am still reluctant to just remove the server since i am still testing. Therefore, i don't want to touch that server till i am 100% certain the new one is configured and runninf properly.
As per priority, i have tried the fail/active command in the ASA.
i have issued:
aaa-server rsa fail host 192.168.xx.x1
aaa-server rsa2 active host 192.16x.xx.x2
But since rsa(192.168.3.41) is that the top of the list,when i tried(test) to authenticate, it becomes active on his own. The packets never made it to rsa2!!
Helps meet PCI* compliance.
Threat protection built into ISR and ISRv branch routers and CSR
Complements ISR Integrated Security
Lightweight IPS solution with low TCO (Total Cost of Ownership) and automated signature updates
Supports VRF (16.6)
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...