I've been searching and reading a lot about this scenario (AD -> RSA SecurID -> ACS -> ASA SSL VPN), and after I thought I had it all clear I realized I was a bit confused... This is why...
I want to poll the AD from the RSA SecurID and then poll the RSA SecurID from the ACS so that I don't have to change the current policies configured on the ACS. (The production scenario right now is AD -> ACS -> ASA SSL VPN.)
The idea is to have Two-Factor authentication for the SSL VPN. Doing it that way, I won't need to touch the ASA AAA configuration, as it will still be pointing to the ACS.
I thought that adding the RSA SecurID (after configuring it to poll the AD) into the ACS using the sdconf.rec file was enough to make Two-Factor Authentication work for the ASA SSL VPN, using the policies already configured on the ACS, but according to what I have read, apparently this is not possible.
Could you help me determine whether, when the ACS polls the RSA SecurID for the Two-Factor authentication (pin+token), it will receive an "allow this user to connect" using the current policies of the ACS (AD groups/users)?
I'll be implementing this solution next week, but I need to offer a design first. What would you recommend?