Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1057
Views
0
Helpful
1
Replies

RSA Securid and FWSM

kenneth.robinson
Level 1
Level 1

‎11-19-2010 01:16 AM - edited ‎03-10-2019 05:35 PM

Hi,

I have a FWSM blade in a 6506 chassis. I am testing the feasability of being able to have users connect through the firewall and authenticate with an RSA ACE (Auth Manager v6.1 for WIN). I spoke to RSA and the only feedback I received was "the FWSM is not supported by the RSA ACE". It also says this in the FWSM data sheet about SDI. Before I do a lot of setting up and testing is there any way I could get this hardware to work by having the Cisco ACS in between, as the Cisco ACS is supported by the RSA ACE. Note: these are all LAN users, no dial-in, no VPN users.

LAN User A Securid  <>  FWSM  <Tacacs+ or Radius>  Cisco ACS  <SDI>  RSA ACE (AM v6.1)

I found this ACS/RSA doc on the Cisco web site from 2006.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080094650.shtml

Link to FWSM AAA support:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/aaa_f.html

Any info would be much appreciated.

Regards

Ken

FWSM AAA.jpg

Labels:
0 Helpful
1 Reply 1

Tarik Admani
VIP Alumni
VIP Alumni

‎12-01-2010 08:11 PM

Ken,

Yes integrating an ACS do to the front end radius or tacacs authentication is supported if you want authentication to be handled by an RSA or some other external Radius server on the backend.

Here is the latest documentation for our ACS 5.2 product which is now supported in vmware, you can always install the software on a virtual machine and run our 90 day evaluation license if you are trying to use this as a proof of concept or want to get more familiar with the product.

This link on managing and external id store can be found here: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/users_id_stores.html#wp1053043

You can also use AD or ldap for attribute retreval in order to assign different policies for different levels of admins.

Let me know if you need help with anything else.

Thanks,

Tarik Admani

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents