04-27-2008 06:34 PM - edited 02-21-2020 03:41 PM
Hi,
I just set up an RSA to our Cisco 3030. I was under the impression after the setup of the RSA that my VPN client would prompt me for my network password and token.
If it can be done, what do I need to do to get prompted for both network password and RSA passcode? Currently I am only getting prompted for the RSA passcode.
Thanks
05-05-2008 09:02 AM
The AnyConnect SSL VPN Client has to be 'aware' that the RSA Software Token is installed and it needs to communicate with it via the RSA API. It is possible to authenticate Remote Access VPN Clients using RSA. RSA has an inbuilt RADIUS server (you may need to enable it). So configure the AAA server and authentication on the router and set the client authentication to this RADIUS server.
You need the following:
1) In the ACS Server, make sure you install the RSA agent and configure it properly.
2) Create an external user database for certain groups/users. When a user is unknown, forward it to the RSA SecurID server.
3) On the RSA SecurID, make sure you create the ACS server as an agent. You need to create a sdconf.rec file and place it in the ACS server.
The ACS server SecurID agent has a tool for you to verify the connectivity. The setup is actually very simple.
http://www.cisco.com/en/US/docs/security/pix/pix62/configuration/guide/basclnt.html
05-05-2008 09:36 AM
Edgar
Your comments about what to do on the ACS server may or may not be needed. I have set up Remote Access VPN on the 3000 series concentrator, which the original poster is asking about, and the concentrator communicated directly with the RSA server (not the RADIUS server) for authentication.
Also, your comments about the AnyConnect client would be appropriate if the original poster were asking about Remote Access VPN on the ASA. But clearly he is asking about the 3030 concentrator, and as far as I know the AnyConnect client is not supported on the 3000 series concentrator.
Obi
I am not aware of any option that will prompt for both the group password (which I assume is what you mean when you say network password) in addition to prompting for the user password (RSA password).
HTH
Rick