Solved: Pix, ASA and RSA SecureID

urvininocente · ‎04-20-2011

Dear all,

I am replacing our old Pix 515 for a new ASA 5520.

On the Pix (running ios 6.x) we configured the pix to use a RSA SecurID appliance as an AAA server to authenticate remote VPN clients. In order to do this we configure an AAA group that use the protocol radius. Now for the ASA I found some documentation that indicates that I must create an AAA group that uses the protocol SDI .

Now my questions are

1) can I still use the protocol radius on the ASA to authenticate with RSA SecureID or do I have to use SDI?

2) If I have to use SDI does this mean that I will also have to change the configuration on my RSA that I was using for authenticating users from the PIX?

Regards,

Screech

Roman Rodichev · ‎04-20-2011

hi screech

1) You can still use RADIUS.

2) Yes, you would need to allow auth requests to come from ASA

Roman

View solution in original post

andamani · ‎04-21-2011

Hi,

The SDI and Radius are two flavours supported by RSA.

Using SDI or Radius is entirely your choice.

Hope this helps.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

View solution in original post

Roman Rodichev · ‎04-20-2011

hi screech

1) You can still use RADIUS.

2) Yes, you would need to allow auth requests to come from ASA

Roman

urvininocente · ‎04-20-2011

Roman,

Thanks for your reply.

What is the differnce between SDI and Radius and which one is recommended.

Regards,

Screech

andamani · ‎04-21-2011

Hi,

The SDI and Radius are two flavours supported by RSA.

Using SDI or Radius is entirely your choice.

Hope this helps.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.