05-19-2008 06:40 AM - edited 03-11-2019 05:46 AM
I am trying to configure my PIX-535 to prompt for RSA Secure ID authentication.
So when somebody tries to get to a particular website, the PIX-535 will put up a Secure ID page and forward the response to our RSA Secure ID server.
Any help?
05-23-2008 07:01 AM
RSA SecurID: Provides strong, two-factor authentication using tokens in conjunction with the RSA ACE/Server.
RSA Keys: RSA is the public key cryptographic system developed by Ron Rivest, Adi Shamir, and Leonard Adleman. RSA keys come in pairs: one public key and one private key.
05-23-2008 07:32 AM
Sean,
I am not sure how you would do it for RSA - but to authenticate an HTTP/HTTPS request from inside out:-
access-list HTTP_authentication line 1 extended permit tcp x.x.x.x y.y.y.y 0.0.0.0 0.0.0.0 eq http
aaa authentication match HTTP_authentication Lan-2-Lan LOCAL
(LOCAL is for local uid/pwd in the ASA, or you could have a set of authentication servers that you would name here.)
The issue I see with trying RSA - is how the browser would send the information back to the ASA and then forward onto the securID server.
I do know that you can use "Challenge/Response Authentication - CRACK" for remote VPN connections, don't think you can use this for http auth.
HTH.
05-23-2008 10:44 AM
Here is a typical scenario:
1- Install Cisco ACS on a server,
2- Install RSA SecurID on another server,
3- Create an agent host on the RSA SecurID server for the Cisco ACS server. Generate the sdconf.rec file for the Cisco ACS server,
4- Copy the sdconf.rec file over to the Cisco ACS server in the C:\Windows\System32 directory,
5- Install RSA Agent software on the Cisco ACS server,
6- Create an account on the RSA SecurID server,
7- Set up Cisco ACS to forward authentication requests to the RSA SecurID server,
8- Set up the ASA like what Andrew described,
9- Now from the client machine, do http://www.cisco.com. You will get prompted for authentication,
That's pretty much it.
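An added example, not part of any post above: a sketch of the firewall side of step 8, with the LOCAL database in Andrew's `aaa authentication match` line replaced by a RADIUS server group that points at the ACS server. It assumes PIX/ASA 7.x or later syntax; the group name ACS_RADIUS, the interface name inside, the addresses (documentation ranges) and the shared secret are placeholders.

```cisco
! --- Added example; names, addresses and the key are placeholders ---

! Server group for the Cisco ACS box that relays to RSA SecurID
aaa-server ACS_RADIUS protocol radius
aaa-server ACS_RADIUS (inside) host 192.0.2.10
 key <shared-secret-configured-on-ACS>

! Traffic that must authenticate before it is allowed through:
! HTTP from the inside client subnet to any destination
access-list HTTP_authentication extended permit tcp 198.51.100.0 255.255.255.0 any eq www

! Cut-through proxy: prompt matching users and check them against ACS
! instead of the LOCAL user database
aaa authentication match HTTP_authentication inside ACS_RADIUS

! Carry the username/passcode exchange between browser and firewall
! over HTTPS rather than cleartext HTTP
aaa authentication secure-http-client

! --- Verification, run from privileged EXEC ---
! Confirm the firewall can reach ACS and that a passcode is accepted
! test aaa-server authentication ACS_RADIUS host 192.0.2.10 username <user> password <passcode>
!
! List users currently authenticated through the cut-through proxy
! show uauth
```

A SecurID passcode is single-use, so each `test aaa-server` run needs a fresh one, and a failed test should be checked against the ACS failed-attempts log before the firewall configuration is changed.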