cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

3115
Views
0
Helpful
1
Replies
Highlighted
Beginner

ASA VPN login using RSA SDI and 2 RSA servers

Can anyone help with what is probably a simple question.  I will be pointing an ASA to use an RSA server fro 2 factor login using SDI.  THere will be a primary and a replica (for redundancy) RSA server.  Normally if you where pointing a windows machine to RSA you copy the sdconf.rec which tells the windows box there are 2 RSA servers to use if one is not available.  WHen conifuring ASA to use RSA via SDI you dont copy a sdconf.rec

I know when you first authenticate a nodesecret file is created on the ASA.  my question is if you dont copy an sdconf.rec to tell the ASA there is a backup RSA server how do i tell the ASA there is a backup?  Do i create 2 SDI servers in the asa config?  Does the nodesecret which is automatically created tell the ASA there is a backup RSA server?

Thanks.

1 REPLY 1
Highlighted
Cisco Employee

Lance,

I think this will answer your question :-)

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/access_aaa.html#wp1053384

Not specific to this, but there is an (old-ish) deployment guide by RSA:

http://www.rsa.com/rsasecured/guides/imp_pdfs/Cisco_ASA_AuthMan61.pdf

M.

Content for Community-Ad