[c-nsp] RSA SecurID and ASA
Sven Juergensen (KielNET)
s.juergensen at kielnet.de
Thu Jul 26 10:25:57 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear list,
did anyone ever have a PIX using ASA 7.2.1
authenticate VPN users against an RSA
Authentication Manager?
Relevant (AFAIK) config parts as follows:
- --->8---
aaa-server rsa protocol sdi
reactivation-mode timed
aaa-server rsa (inside) host 1.2.3.4
retry-interval 3
timeout 13
[...]
tunnel-group nolight general-attributes
address-pool deep
authentication-server-group rsa
default-group-policy somepolicy
- ---8<---
The numbers from 'show aaa-server rsa'
don't change at all once authentication
requests initiate, everything stays zeroed.
However, when using radius instead of sdi,
the PIX suddenly decides to throw some
packets towards the Authentication Manager.
Using sdi/RSA instead makes Wireshark
report silence on the wire...
What am i missing here?
Any pointers greatly appreciated.
Best regards,
sven03
- --
Mit freundlichen Gruessen
i. A. Sven Juergensen
Fachbereich
Informationstechnologie
KielNET GmbH
Gesellschaft fuer Kommunikation
Preusserstr. 1-9, 24105 Kiel
Telefon : 0431 / 2219-053
Telefax : 0431 / 2219-005
E-Mail : s.juergensen at kielnet.de
Internet: http://www.kielnet.de
AS# 25295
Key fingerprint:
65B6 90FC 010A 39CE DCA5 336D 9C45 3B7A B02D E132
Geschaeftsfuehrer Eberhard Schmidt
HRB 4499 (Amtsgericht Kiel)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGqK71nEU7erAt4TIRAk1kAJ0RmatcV24bDjKIuI//alm0DjF5QwCfV03L
94Yw8cn5RLRbi/EFt0/7WeE=
=nmE9
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list