[c-nsp] RSA SecurID and ASA

Sven Juergensen (KielNET) s.juergensen at kielnet.de
Thu Jul 26 10:25:57 EDT 2007


Dear list,

did anyone ever have a PIX using ASA 7.2.1
authenticate VPN users against an RSA
Authentication Manager?

Relevant (AFAIK) config parts as follows:

--->8---
aaa-server rsa protocol sdi
 reactivation-mode timed
aaa-server rsa (inside) host 1.2.3.4
 retry-interval 3
 timeout 13

[...]

tunnel-group nolight general-attributes
 address-pool deep
 authentication-server-group rsa
 default-group-policy somepolicy
---8<---

The numbers from 'show aaa-server rsa'
don't change at all once authentication
requests initiate, everything stays zeroed.
However, when using radius instead of sdi,
the PIX suddenly decides to throw some
packets towards the Authentication Manager.

Using sdi/RSA instead makes Wireshark
report silence on the wire...

What am I missing here?

Any pointers greatly appreciated.

Best regards,

sven03

--
Kind regards

p.p. Sven Juergensen

Information Technology
Department

KielNET GmbH
Gesellschaft fuer Kommunikation
Preusserstr. 1-9, 24105 Kiel

Phone   : 0431 / 2219-053
Fax     : 0431 / 2219-005
E-Mail  : s.juergensen at kielnet.de
Internet: http://www.kielnet.de

AS# 25295
Key fingerprint:
65B6 90FC 010A 39CE DCA5  336D 9C45 3B7A B02D E132

Managing Director: Eberhard Schmidt
Commercial register: HRB 4499 (Amtsgericht Kiel)

