Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1175
Views
0
Helpful
2
Replies

External Identity Sources, binding RSA securID to ISE

yong khang NG
Level 5
Level 5

‎12-29-2012 08:02 AM - edited ‎03-10-2019 07:55 PM

Hi all,

Say, my topology was using ISE doing VPN inline posture, and bind RSA securID (version 7.1) as external Identity Sources.

During  the deployment, in order to let my iPEP node join the Policy Service  Node, for the certificate i using the third party CA server (Window  server 2008 R2) as the root CA, both of these 2 ISE were mutual  authenticated and done.

My question. as i using  RSA secureID as external identity sources, native behaviour, Will the  ISE trust RSA with no identity certificate signed by the identitical  root CA?

Should i enroll this RSA appliance issue the CSR to CA server to sign and in the PKI environment? Is there a need for this?

Thanks

Noel

Labels:
0 Helpful
2 Replies 2

Tarik Admani
VIP Alumni
VIP Alumni

‎12-30-2012 06:33 PM

Noel,

From my experience when integrating with the RSA token server you need the sdconf.rec file exported from the RSA and you import that into the ISE configuration. You then select this identity store with your authentication policies for vpn users. There isnt a need for any certificates when integrating with a token server (that was the last time I checked) and even if there would just need to trust each other's certficats.

I hope that helps!

Sent from Cisco Technical Support iPad App

0 Helpful

yong khang NG
Level 5
Level 5
In response to Tarik Admani

‎12-30-2012 06:43 PM

Hi Tarik

Thanks for reply.

I will give a try on this.

Happy new year

Noel

0 Helpful
Customers Also Viewed These Support Documents