Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
992
Views
5
Helpful
1
Replies

Cisco ISE and RSA

baker82
Level 1
Level 1

‎08-22-2019 05:10 AM - edited ‎08-22-2019 05:38 AM

Has anyone had any experience setting up a custom sdconf/sdopts.rec file point point various sites authentication traffic to their local RSA server?

I have a seven PSN node distributive deployment and each of these sites has their own RSA server. I would like to configure the sdopts.rec file to point the authentication traffic to their local sites RSA server. 

 

 

 

 

 

0 Helpful
1 Reply 1

rcullum
Level 1
Level 1

‎05-05-2020 04:11 AM

Hi, we have just done something similar. You can load a unique sdopts.rec file per ISE node. Make sure you define the CLIENT_IP=<ISE Node ip address> as well at the start of the file. e.g:
CLIENT_IP=A.A.A.A
USESERVER=B.B.B.B,10
USESERVER=C.C.C.C,1

where USESERVER are the ip addresses for your RSA servers. The above means the first USESERVER entry is preferred as it has weighting of 10 and in theory, the weighting of 1 for the 2nd entry means it is only used if 1st entry is not available. You can 'load-balance' by making them both 10.
Customers Also Viewed These Support Documents