[c-nsp] RSA SecurID and ASA

Ahmad Al-Dosari adosari at gmail.com
Thu Jul 26 23:04:22 EDT 2007


Hi,

I never tested it before but I am going to do a similar thing within the
next couple of weeks. Go to the below link it might have some pointers for
you:

http://rsasecurity.agora.com/rsasecured/product.asp?id=1487

HTH,
adosari

On 7/26/07, Sven Juergensen (KielNET) <s.juergensen at kielnet.de> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dear list,
>
> did anyone ever have a PIX using ASA 7.2.1
> authenticate VPN users against an RSA
> Authentication Manager?
>
> Relevant (AFAIK) config parts as follows:
>
> - --->8---
> aaa-server rsa protocol sdi
> reactivation-mode timed
> aaa-server rsa (inside) host 1.2.3.4
> retry-interval 3
> timeout 13
>
> [...]
>
> tunnel-group nolight general-attributes
> address-pool deep
> authentication-server-group rsa
> default-group-policy somepolicy
> - ---8<---
>
> The numbers from 'show aaa-server rsa'
> don't change at all once authentication
> requests initiate, everything stays zeroed.
> However, when using radius instead of sdi,
> the PIX suddenly decides to throw some
> packets towards the Authentication Manager.
>
> Using sdi/RSA instead makes Wireshark
> report silence on the wire...
>
> What am i missing here?
>
> Any pointers greatly appreciated.
>
> Best regards,
>
> sven03
>


More information about the cisco-nsp mailing list