How does the PIX support SecurID ?

PNTECH · ‎01-27-2003

Hello,

I was curious as to how the PIX suports RSA's SecurID. I recieved some demo s/w for securID and tried to test it out on a PIX remtote access VPN. I have the PIX setup to do RADIUS authentication for the VPN client 3.5, using the windows IAS radius server. This works fine.

I have the the securID s/w able to test authenticate a Key FOB ok. I can't seem to get the two to work together. I have read the cisco support doc for using securID auth with the VPN 3.x client and it seems to imply that the VPN client is aware of the software token. Does this mean that the KEY fob I am trying to use is not supported ? there are no specific commands I see in the PIX config samples that tell it that it is supposed to use the rsa server for authentication. It only shows to configure xauth with radius, which I have done.

Is the problem with using windows IAS for radius ? does the radius server or the PIX need to be added as an agent host ? Any help would be appreciated..

thanks,

patrick

PNTECH · ‎01-28-2003

according to rsa, they don't support IAS for VPN auth, only through RRAS. The PIX has built in code that supports keon and securID. You can use the rsa built in RADIUS or ACS and a few other supported RADIUS servers. Just thought I'd pass it along...

davp9353 · ‎09-04-2003

How would you configure the pix to work with the rsa built in radius to authenticate vpn 3.x or 4.x users without the use of a vpn3000 or an acs server? I just can't get them to work. Anyhelp would be welcome

Thanks

skleber · ‎10-16-2003

Hi,

just configure your pix like to ask an IAS Server. The ACE Server from RSA works like an simple Radius Server.

reg. Sebastian