The AnyConnect SSL VPN Client has to be 'aware' that the RSA Software Token is installed and it needs to communicate with it via the RSA API. It is possible to authenticate Remote Access VPN Clients using RSA. RSA has an inbuilt RADIUS server (you may need to enable it). So configure aaa server and authentication on the router and set the client authentication to this radius server.
You need the following:
1) in the ACS Server, make sure you install the RSA agent and configure it properly.
2) Create external users database for certain group/users. When user is unknown, forward it to the RSA SecurID server.
3) on the RSA SecurID, make sure you create the ACS server as an agent. you need to create a sdconf.rec file and place it in the ACS server.
The ACS server SecurID agent has a tool for you to verify the connectivity. The setup is actually very simple.
Your comments about what to do on the ACS server may or may not be needed. I have set up Remote Access VPN on the 3000 series concentrator which the original poster is asking about and the concentrator communicated directly with the RSA server (not the Radius server) for authentication.
Also your comments about the AnyConnect client would be appropriate if the original poster were asking about Remote Access VPN on the ASA. But clearly he is asking about the 3030 concentrator and as far as I know the AnyConnect client is not supported on the 3000 series concentrator.
I am not aware of any option that will prompt for both the group password (which I assume is what you mean when you say network password) in addition to prompting for the user password (RSA password).
Site to Site IPSec VPN with Dynamic IP Endpoint is typically used when we have a branch sites which obtains a dynamic public IP from the Internet ISP. For example an ADSL connection.One important note is that Site-to-Site VPN with Dynamic remote routers P...
On R1, configure a key ring that defines the peer R3:Address: 188.8.131.52Local and remote pre-shared key: cisco R1(config)#crypto ikev2 keyring KRR1(config-ikev2-keyring)# peer R3R1(config-ikev2-keyring-peer)# address 184.108.40.206R1(config-ikev2-keyring-pee...
This document shows how to use the Port Radius NAS PORT Id Attribute in a compound condition to control access with 802.1X.A user jdoe is allowed to access the network only through the physical port FastEthernet 0/1 of the switch and the user jwhite is al...
This document provides a configuration example of Security Assertion Markup Language (SAML) Authentication on FTD managed over FDM. The configuration allows Anyconnect users to establish a VPN session authenticating with a SAML Identity Serv...
DMVPN Dual Hub Dual Cloud Pros and ConsProsNo single point of failureQuick failover if routing protocols are tunedLoad balancing is easyTraffic engineering is easyEasy to work with multiple ISPsConsNeed 2 tunnels per spokeConfiguration is more complicated...