12-29-2012 08:02 AM - edited 03-10-2019 07:55 PM
Hi all,
Say my topology was using ISE doing VPN inline posture, and binding RSA SecurID (version 7.1) as an external identity source.
During the deployment, in order to let my iPEP node join the Policy Service Node, for the certificate I am using a third-party CA server (Windows Server 2008 R2) as the root CA; both of these 2 ISE nodes were mutually authenticated and done.
My question: as I am using RSA SecurID as an external identity source, by native behaviour, will the ISE trust RSA with no identity certificate signed by the identical root CA?
Should I enroll this RSA appliance, issuing the CSR to the CA server to sign, in the PKI environment? Is there a need for this?
Thanks
Noel
12-30-2012 06:33 PM
Noel,
From my experience, when integrating with the RSA token server you need the sdconf.rec file exported from the RSA, and you import that into the ISE configuration. You then select this identity store with your authentication policies for VPN users. There isn't a need for any certificates when integrating with a token server (that was the last time I checked), and even if there was, they would just need to trust each other's certificates.
I hope that helps!
Sent from Cisco Technical Support iPad App
12-30-2012 06:43 PM
Hi Tarik
Thanks for the reply.
I will give this a try.
Happy new year
Noel