
ASA VPN login using RSA SDI and 2 RSA servers

lfkentwell
Level 1

Can anyone help with what is probably a simple question? I will be pointing an ASA to use an RSA server for 2 factor login using SDI. There will be a primary and a replica (for redundancy) RSA server. Normally if you were pointing a Windows machine to RSA you copy the sdconf.rec which tells the Windows box there are 2 RSA servers to use if one is not available. When configuring ASA to use RSA via SDI you don't copy a sdconf.rec.

I know when you first authenticate a nodesecret file is created on the ASA. My question is if you don't copy an sdconf.rec to tell the ASA there is a backup RSA server, how do I tell the ASA there is a backup? Do I create 2 SDI servers in the ASA config? Does the nodesecret which is automatically created tell the ASA there is a backup RSA server?

Thanks.

1 Reply

Marcin Latosiewicz
Cisco Employee

Lance,

I think this will answer your question :-)

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_aaa.html#wp1053384

Not specific to this, but there is an (old-ish) deployment guide by RSA:

http://www.rsa.com/rsasecured/guides/imp_pdfs/Cisco_ASA_AuthMan61.pdf

M.
