https://community.cisco.com/t5/network-access-control/asa-tacacs-sdi-rsa-authentication-and-authorisation/m-p/1510960#M297541 <P>Hello friends,</P><P>Please allow me to resurect this old post!</P><P>Did you find your answer? My IT manager is asking me to integrate RSA token with our TACACS. Is it possible to add that second factor of authentication for managing my whole network devices?</P><P>Regards!</P> Mon, 23 Jun 2014 01:38:41 GMT alexdelangel 2014-06-23T01:38:41Z https://community.cisco.com/t5/network-access-control/asa-tacacs-sdi-rsa-authentication-and-authorisation/m-p/1510957#M297512 <P>Hi guys</P><P>Just wondering if this can be done:</P><P></P><P>We have a RSA server and TACACS server, all working fine.</P><P>We would like to put in 2 factor authentication using our RSA token to manage our ASA box.</P><P></P><P>Now, I have got the 2 factor authentication working (tested it with SSH to ASA box) but it seems like it allows anyone with an account on the RSA server to login to the box. We don't want this, we want to be able to lock it down to only few accounts.</P><P></P><P>We also have a TACACS server. Logging in to the ASA box using TACACS local accounts work fine <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/happy.gif"></SPAN></P><P></P><P>I understand that authorisation doesn't work with RSA, and one of the suggestions that I received was to add the RSA server into TACACS, create the user groups / users we want and use TACACS for both authentication and authorisation. Is that right? Some pointers would be appreciated <span class="lia-unicode-emoji" title=":neutral_face:">😐</span></P> Mon, 11 Mar 2019 00:22:28 GMT https://community.cisco.com/t5/network-access-control/asa-tacacs-sdi-rsa-authentication-and-authorisation/m-p/1510957#M297512 jafaruddinlie 2019-03-11T00:22:28Z https://community.cisco.com/t5/network-access-control/asa-tacacs-sdi-rsa-authentication-and-authorisation/m-p/1510958#M297514 <HTML><HEAD></HEAD><BODY><P>Basically the Tacacs+ is a AA protocol with authentication and authorisation at the same time. I configured the ASA with the ASDM for the Tacacs use. Therefore you should look for the problem with the timeouts, I had troubles that every 30 sec the RSA user ran into a timeout.</P><P>I suggest you that you create a group on the ACS for the firewall admins.</P><P></P><P>cheers Martin</P></BODY></HTML> Sat, 04 Sep 2010 09:09:31 GMT https://community.cisco.com/t5/network-access-control/asa-tacacs-sdi-rsa-authentication-and-authorisation/m-p/1510958#M297514 martin_knorre 2010-09-04T09:09:31Z https://community.cisco.com/t5/network-access-control/asa-tacacs-sdi-rsa-authentication-and-authorisation/m-p/1510959#M297521 <HTML><HEAD></HEAD><BODY><P>Yep maybe I didn't explain myself very well <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> Thank you for your reply, sorry it took this long for me to write back. I'll have a look at the timeout issue, thanks for the heads up. Could be some ports that need to be opened, who knows <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Thu, 16 Sep 2010 09:49:24 GMT https://community.cisco.com/t5/network-access-control/asa-tacacs-sdi-rsa-authentication-and-authorisation/m-p/1510959#M297521 jafaruddinlie 2010-09-16T09:49:24Z https://community.cisco.com/t5/network-access-control/asa-tacacs-sdi-rsa-authentication-and-authorisation/m-p/1510960#M297541 <P>Hello friends,</P><P>Please allow me to resurect this old post!</P><P>Did you find your answer? My IT manager is asking me to integrate RSA token with our TACACS. Is it possible to add that second factor of authentication for managing my whole network devices?</P><P>Regards!</P> Mon, 23 Jun 2014 01:38:41 GMT https://community.cisco.com/t5/network-access-control/asa-tacacs-sdi-rsa-authentication-and-authorisation/m-p/1510960#M297541 alexdelangel 2014-06-23T01:38:41Z