
ACS/RSA Integration

Eric Washington

Has anyone implemented this before? I'm new to this and trying to get pointed in the right direction on support/documentation on how to do this.

The end goal is the provisioning of RSA Tokens to remote access users with a single sign-on screen which leverages the ACS as the central policy enforcer.

Any help would be appreciated. Thanks in advance!


dansmith827

Hi Eric,

We had this issue too. Rather than try to do it ourselves, we paid for two days' consultancy and got the integration done for us by Armadillo (UK). We were advised this was the best option as you only do it the once or very rarely; we concentrated more on the system BAU operation and ACS maintenance. This may appear as an easy option, but for us as a large enterprise network we feel it went very smoothly and is the best way to go.

Hope that helps.

Dan.

Thanks for your reply Dan!

We've run into a few issues with this because clocks were not sync'd and we still need to update the ACS. We're currently on 4.1 and will upgrade to 5.3. I assume after the upgrade everything will work smoothly.

Were there any issues that you guys encountered during the implementation?

Eric,

We were in the same position; we went from ACS 4.1 up to 5.4, and the upgrade path was 4.1 > 5.2 > 5.3 > 5.4. The main issue we had is that 4.1 is group and user based where 5.x is all policy based, a major shift in how ACS operates. Once you get that straight in your head you are set to go. There are some migration tools on the new ACS appliances or at the Cisco website that extract the lists of groups and users from the old 4.1 server. The issue we had then was that all the policies around VPN and network access required building. I found the Cisco guides a bit heavy, but, again, we employed a consultant as we outsource some major projects. He started this off and I completed this; he wrote up a guide which was very good and better than the Cisco docs. I can sanitise this and send you a copy if you wish. My email is firstname.lastname as per my user name and use @nottinghamcity.gov.uk. We did get time sync issues which led to a review of NTP.

Regards,

Dan.

Thanks a lot Dan I appreciate it. I will be emailing you from my yahoo acct.

Hi Dan,

I have been facing the same issue. We are currently using 4.2 integrated with RSA. But now the company has decided to upgrade the ACS 4.2 to 5.4.

I have been trying to do it, but it's a lot different from 4.2.

As you have mentioned, could you please mail me a copy of the document you were referring to so I can also configure it?

It would be really, really appreciated.

My email id: gurpreet.s.puri@gmail.com

Regards,
Gurpreet S Puri

****************************
Keep Smiling, Peace
****************************

(Please Rate Helpful Post)


Hi Dan,

I've sent you an email requesting the doc you were referring to.

It would be really appreciated.

Thank you

Antonino Abbate
