https://community.cisco.com/t5/network-security/pix-535-rsa-secure-id-config-question/m-p/977920#M937526 <HTML><HEAD></HEAD><BODY><P>Sean,</P><P></P><P>I am not sure how you would do it for RSA - but to authenticate a HTTP/HTTPS request from inside out:-</P><P></P><P>access-list HTTP_authentication line 1 extended permit tcp x.x.x.x y.y.y.y 0.0.0.0 0.0.0.0 eq http</P><P></P><P>aaa authentication match HTTP_authentication Lan-2-Lan LOCAL(for local uid/pwd in the ASA) or you could have a set of authentication servers that you would name here.</P><P></P><P>The issue I see with trying RSA - is how the browser would send the information back to the ASA and then forward onto the securID server.</P><P></P><P>I do know that you can use "Challenge/Response Authentication - CRACK" for remote VPN connections, don't think you can use this for http auth.</P><P></P><P>HTH.</P></BODY></HTML> Fri, 23 May 2008 14:32:37 GMT andrew.prince 2008-05-23T14:32:37Z https://community.cisco.com/t5/network-security/pix-535-rsa-secure-id-config-question/m-p/977918#M937524 <P>I am trying to configure my PIX-535 to prompt for RSA Secure ID authentication.</P><P></P><P>So when somebody tries to get to a paticular website, the PIX-535 will put up a Secure ID page and forward the response to our RSA Secure ID server.</P><P></P><P>Any help?</P> Mon, 11 Mar 2019 12:46:58 GMT https://community.cisco.com/t5/network-security/pix-535-rsa-secure-id-config-question/m-p/977918#M937524 swoodyard 2019-03-11T12:46:58Z https://community.cisco.com/t5/network-security/pix-535-rsa-secure-id-config-question/m-p/977919#M937525 <HTML><HEAD></HEAD><BODY><P>RSA SecurID: Provides strong, two-factor authentication using tokens in conjunction with the RSA ACE/Server.RSA Keys-RSA is the public key cryptographic system developed by Ron Rivest, Adi Shamir, and Leonard Adleman. RSA keys come in pairs: one public key and one private key. </P></BODY></HTML> Fri, 23 May 2008 14:01:24 GMT https://community.cisco.com/t5/network-security/pix-535-rsa-secure-id-config-question/m-p/977919#M937525 smahbub 2008-05-23T14:01:24Z https://community.cisco.com/t5/network-security/pix-535-rsa-secure-id-config-question/m-p/977920#M937526 <HTML><HEAD></HEAD><BODY><P>Sean,</P><P></P><P>I am not sure how you would do it for RSA - but to authenticate a HTTP/HTTPS request from inside out:-</P><P></P><P>access-list HTTP_authentication line 1 extended permit tcp x.x.x.x y.y.y.y 0.0.0.0 0.0.0.0 eq http</P><P></P><P>aaa authentication match HTTP_authentication Lan-2-Lan LOCAL(for local uid/pwd in the ASA) or you could have a set of authentication servers that you would name here.</P><P></P><P>The issue I see with trying RSA - is how the browser would send the information back to the ASA and then forward onto the securID server.</P><P></P><P>I do know that you can use "Challenge/Response Authentication - CRACK" for remote VPN connections, don't think you can use this for http auth.</P><P></P><P>HTH.</P></BODY></HTML> Fri, 23 May 2008 14:32:37 GMT https://community.cisco.com/t5/network-security/pix-535-rsa-secure-id-config-question/m-p/977920#M937526 andrew.prince 2008-05-23T14:32:37Z https://community.cisco.com/t5/network-security/pix-535-rsa-secure-id-config-question/m-p/977921#M937528 <HTML><HEAD></HEAD><BODY><P>here is a typical scenario:</P><P></P><P>1- Install Cisco ACS on a server,</P><P>2- Install RSA SecurID on another Server,</P><P>3- create an agent host on the RSA SecurID Server for tthe Cisco ACS server. Generate</P><P>the sdconf.rec file for the Cisco ACS server,</P><P>4- copy the sdconf.rec file over to the Cisco</P><P>ACS server in the C:\Windows\System32 directory,</P><P>5- Install RSA Agent software on the Cisco</P><P>ACS server,</P><P>6- create account on the RSA SecurID Server,</P><P>7- setup Cisco ACS to forward authentication</P><P>request to RSA SecurID server,</P><P>8- setup the ASA like what Andrew described,</P><P>9- now from the client machine, do <A class="jive-link-custom" href="http://www.cisco.com" target="_blank">http://www.cisco.com</A>. You will get prompted</P><P>for authentication,</P><P></P><P>That's pretty much it. </P><P></P><P> </P><P></P></BODY></HTML> Fri, 23 May 2008 17:44:59 GMT https://community.cisco.com/t5/network-security/pix-535-rsa-secure-id-config-question/m-p/977921#M937528 cisco24x7 2008-05-23T17:44:59Z