https://community.cisco.com/t5/network-access-control/acs-4-2-integration-with-rsa-appliance/m-p/1399503#M7675 <P>I am trying to integrate our ACS server with a RSA 130 appliance.&nbsp; I have the appliance on the wire and tokens imported and a user assigned.&nbsp; I have also installed the RSA security Console on the ACS server.&nbsp; When I attempt to do the authentication test it fails.&nbsp; The error I get from the RSA server is that the Authentication Mode fails. </P><P><SPAN id="logmonitorMsgtable" style="text-align: center; vertical-align: middle;">User “TestRSAVPN” attempted to authenticate using&nbsp; authenticator “SecurID_Native”. The user belongs to security domain&nbsp; “CSIEmployees”.</SPAN></P><P></P><P>The authentication policy is set for <SPAN id="logmonitorMsgtable" style="text-align: center; vertical-align: middle;">SecurID_Native for this user.&nbsp; I also can't purge the node secret for it is grayed out.&nbsp; When I attempt to VPN with a token I never see the ACS try to connect to the RSA server and we get a failed:</SPAN></P><P></P><P>04/08/2010 15:15:07 Authen failed TestRSAVPN CSINetops 172.16.11.116 External DB password invalid.</P><P></P><P>I have attempted to follow all the guides but I am lost on what I am doing incorrectly.</P><P></P><P>Thanks,</P><P></P><P>Joe</P> Fri, 21 Feb 2020 18:24:33 GMT joeharb 2020-02-21T18:24:33Z https://community.cisco.com/t5/network-access-control/acs-4-2-integration-with-rsa-appliance/m-p/1399503#M7675 <P>I am trying to integrate our ACS server with a RSA 130 appliance.&nbsp; I have the appliance on the wire and tokens imported and a user assigned.&nbsp; I have also installed the RSA security Console on the ACS server.&nbsp; When I attempt to do the authentication test it fails.&nbsp; The error I get from the RSA server is that the Authentication Mode fails. </P><P><SPAN id="logmonitorMsgtable" style="text-align: center; vertical-align: middle;">User “TestRSAVPN” attempted to authenticate using&nbsp; authenticator “SecurID_Native”. The user belongs to security domain&nbsp; “CSIEmployees”.</SPAN></P><P></P><P>The authentication policy is set for <SPAN id="logmonitorMsgtable" style="text-align: center; vertical-align: middle;">SecurID_Native for this user.&nbsp; I also can't purge the node secret for it is grayed out.&nbsp; When I attempt to VPN with a token I never see the ACS try to connect to the RSA server and we get a failed:</SPAN></P><P></P><P>04/08/2010 15:15:07 Authen failed TestRSAVPN CSINetops 172.16.11.116 External DB password invalid.</P><P></P><P>I have attempted to follow all the guides but I am lost on what I am doing incorrectly.</P><P></P><P>Thanks,</P><P></P><P>Joe</P> Fri, 21 Feb 2020 18:24:33 GMT https://community.cisco.com/t5/network-access-control/acs-4-2-integration-with-rsa-appliance/m-p/1399503#M7675 joeharb 2020-02-21T18:24:33Z https://community.cisco.com/t5/network-access-control/acs-4-2-integration-with-rsa-appliance/m-p/1399504#M7676 <HTML><HEAD></HEAD><BODY><P style="text-align: left;">Ok, I am not a little further.&nbsp; I have got the Test Authentication to work and now I have a node secret between the ACS and the RSA server.&nbsp; Now when I attempt to VPN in I never see any traffic from the ACS server to the RSA server.&nbsp; I don't see anything in the Monitoring tool for the RSA and I simply recieve an External DB password invalid.&nbsp; I have a sniffer attached and I don't ever see the ACS attempt to connect to the RSA.&nbsp; The user I am testing with is setup to use the RSA Secure Token Server.&nbsp; I have contacted RSA but now they are saying it is an ACS issue.</P><P></P><P style="text-align: left;">Anyone have any suggestions?</P><P></P><P style="text-align: left;">Thanks,</P><P></P><P style="text-align: left;">Joe</P></BODY></HTML> Fri, 09 Apr 2010 18:29:00 GMT https://community.cisco.com/t5/network-access-control/acs-4-2-integration-with-rsa-appliance/m-p/1399504#M7676 joeharb 2010-04-09T18:29:00Z https://community.cisco.com/t5/network-access-control/acs-4-2-integration-with-rsa-appliance/m-p/1399505#M7677 <HTML><HEAD></HEAD><BODY><P>Ok, I haven't gotten any feedback on this..I am able to now authenticate via the RSA SecurID appliance.&nbsp; I have added a Replica to the enviroment for RSA.&nbsp; I have generated a new sdconf.rec file and copied it to the ACS server c:\windows\system32 folder.&nbsp; I rebooted the ACS but I still don't see the replica in the RSA Authentication Agent.&nbsp; Does anyone know how I can update the ACS to where it will attempt to send to the replica once the primary is down?</P><P></P><P>Thanks,</P><P></P><P>Joe</P></BODY></HTML> Wed, 28 Apr 2010 13:19:17 GMT https://community.cisco.com/t5/network-access-control/acs-4-2-integration-with-rsa-appliance/m-p/1399505#M7677 joeharb 2010-04-28T13:19:17Z