PIX cannot authenticate VPN users using RSA tokens and Radius server

davp9353 (Level 1)

How would you configure the PIX to work with the RSA RADIUS server to authenticate VPN 3.x or 4.x users using keyfobs without the use of a VPN 3000 or an ACS/TACACS server? Do you have to have an AAA server pointing to the RSA server as an external database to authenticate users? Is this the only way to make authentication work with RSA keyfobs?

I just can't get the PIX to talk directly to the RSA RADIUS server. Please help.

Thanks

4 Replies

PNTECH (Level 1)

Make sure you have the following RADIUS related commands in your PIX config (the angle-bracket placeholders stand for your own server tag and shared secret, which the page does not spell out):

aaa-server RADIUS protocol radius
aaa-server <server-tag> protocol radius
aaa-server <server-tag> (inside) host a.b.c.d <shared-secret>
crypto map remaccess client authentication <server-tag>

Make sure you add the PIX as an agent host communication server

Verify that the is the same on the PIX and the agent host for the PIX

I had the same problem as you. What ended up working in the end was that I had to configure the legacy agent server identification field in the Configuration Management editor with the address of the ACE server. I also manually added the ACE server in the "assign acting servers" menu on the PIX agent host.

hope this helps

-Patrick

forgot to add...

Check and make sure you have entries on the ACE server box in the /win32/drivers/etc/services file that have the 2 RADIUS fields showing ports 1645 & 1646. These are not the defaults and usually need to be changed as such.
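The two things Patrick's replies keep coming back to, the shared secret and the UDP ports, are exactly what decide whether a NAS such as the PIX can exchange RADIUS packets with the ACE server at all. The following Python script is an added example written for this thread (it is not Cisco or RSA code) that walks through one RFC 2865 Access-Request / Access-Accept exchange: the NAS hides the passcode with the shared secret, the server reveals it, and the NAS checks the Response Authenticator on the reply. Running it once with matching secrets and once with mismatched secrets shows why a secret mismatch looks like "the PIX cannot talk to the RADIUS server": the server sees garbage and rejects, and the NAS silently discards the reply because the authenticator does not verify. The user name, passcode, addresses and secrets are constructed values.

```python
"""Minimal RFC 2865 RADIUS exchange (added example; not PIX/ACE code).
All names, addresses and secrets below are constructed sample values."""
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional, Tuple

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4
# RSA ACE agents historically listened on 1645/1646; IANA later assigned 1812/1813.
LEGACY_AUTH_PORT, IANA_AUTH_PORT = 1645, 1812


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """RADIUS attribute TLV: type byte, total-length byte, value (<= 253 bytes)."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attrs(data: bytes) -> Dict[int, bytes]:
    """Walk the attribute list, refusing malformed lengths."""
    attrs, i = {}, 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute")
        attrs[t] = data[i + 2:i + length]
        i += length
    return attrs


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each block with MD5(secret + previous
    cipher block); the first block is keyed by the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side inverse of hide_password (trailing NUL padding is stripped)."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out, prev = out + bytes(a ^ b for a, b in zip(block, mask)), block
    return out.rstrip(b"\x00")


def build_packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    """Code(1) Identifier(1) Length(2) Authenticator(16) Attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def build_access_request(user: str, passcode: str, secret: bytes, nas_ip: str,
                         ident: int = 1, authenticator: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """NAS side (what the PIX sends). Returns (packet, request_authenticator)."""
    ra = authenticator or os.urandom(16)
    attrs = (encode_attr(USER_NAME, user.encode())
             + encode_attr(USER_PASSWORD, hide_password(passcode.encode(), secret, ra))
             + encode_attr(NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))))
    return build_packet(ACCESS_REQUEST, ident, ra, attrs), ra


def build_response(code: int, ident: int, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Server side. Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return build_packet(code, ident, hashlib.md5(header + request_auth + attrs + secret).digest(), attrs)


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """NAS side: recompute the Response Authenticator with the locally configured secret.
    On mismatch RFC 2865 says the reply must be silently discarded."""
    _, _, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 20:
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def demo(nas_secret: bytes, server_secret: bytes) -> Dict[str, object]:
    """One exchange where each side may hold a different shared secret."""
    user, passcode = "vpnuser", "1234567890"          # constructed PIN + tokencode
    req, ra = build_access_request(user, passcode, nas_secret, "10.0.0.1")
    seen = reveal_password(parse_attrs(req[20:])[USER_PASSWORD], server_secret, req[4:20])
    code = ACCESS_ACCEPT if seen == passcode.encode() else ACCESS_REJECT
    resp = build_response(code, req[1], req[4:20], b"", server_secret)
    return {"server_saw_passcode": seen == passcode.encode(),
            "response_code": code,
            "nas_accepts_reply": verify_response(resp, ra, nas_secret)}


if __name__ == "__main__":
    print("matching secrets:  ", demo(b"s3cret", b"s3cret"))
    print("mismatched secrets:", demo(b"s3cret", b"other"))
```

With matching secrets the server recovers the passcode, answers Access-Accept, and the NAS verifies the reply; with mismatched secrets every stage fails, which on a real PIX shows up only as a timeout against the server. The port constants are there to make the other failure mode concrete: if the ACE box is listening on 1812 while the PIX sends to 1645 (or the reverse), no packet reaches this code path at all, which is why checking the services file entries is a sensible first step.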

Patrick,

Thank you for your help. I already had the RADIUS protocol settings on the NT box and the PIX aaa commands you previously mentioned. But how do you configure the legacy agent and the activity server settings on the PIX?

> I had the same problem as you. What ended up working in the end was that I had to configure the legacy agent server identification field in the Configuration Management editor with the address of the ACE server. I also manually added the ACE server in the "assign acting servers" menu on the PIX agent host.

These settings are on the RSA ACE server, not the PIX. One is located in the Configuration Manager and the other is located in the Database Manager > Agent Host menu. Go to where you added the PIX as an agent host and there is a sub-menu for assigning an active server. Select the ACE server as the active server.

I have also found the support area of RSA's website very useful. You will need to create an account to access the technical docs. You can create a guest account that will allow you access to the support docs.