Solved: Authenticating using RSA SecurID

justine.joubran · ‎03-08-2014

Hello,

I am trying to secure the access using RSA SecurID to the following 2 scenarios:

- SSH/telnet/console to any Cisco device (Router, Switch, Firewall)

- SSL VPN users

Is it possible to do this integration directly between the Cisco device and the RSA SecurID itself? Or it is required to have ACS in between? \

Thanks,

Justine.

Jatin Katyal · ‎03-08-2014

With Router/switches/AP's only radius and tacacs are supported so you can configure the IOS devices for radius protocol and server as radius token server.

http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scftplus.html#wp1001011

ASA does supports SDI protocol so you can integrate the RSA securID directly with it.

SDI on ASA

http://www.cisco.com/c/en/us/support/docs/security-vpn/secureid-sdi/116304-technote-rsa-00.html#anc10

SDI with ACS

http://www.cisco.com/c/en/us/support/docs/security-vpn/secureid-sdi/116304-technote-rsa-00.html#anc9

You may want to read discussion on the similar requirement.

https://supportforums.cisco.com/discussion/11259716/rsa-securid

~BR

Jatin

** Do rate helpful posts**

~Jatin

View solution in original post

Jatin Katyal · ‎03-08-2014

With Router/switches/AP's only radius and tacacs are supported so you can configure the IOS devices for radius protocol and server as radius token server.

http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scftplus.html#wp1001011

ASA does supports SDI protocol so you can integrate the RSA securID directly with it.

SDI on ASA

http://www.cisco.com/c/en/us/support/docs/security-vpn/secureid-sdi/116304-technote-rsa-00.html#anc10

SDI with ACS

http://www.cisco.com/c/en/us/support/docs/security-vpn/secureid-sdi/116304-technote-rsa-00.html#anc9

You may want to read discussion on the similar requirement.

https://supportforums.cisco.com/discussion/11259716/rsa-securid

~BR

Jatin

** Do rate helpful posts**

~Jatin

Jatin Katyal · ‎03-11-2014

Justine,

Let me know if you've any further questions on this matter.

Regards,

Jatin Katyal

**Do rate helpful posts**

~Jatin