Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2949
Views
0
Helpful
3
Replies

SSL VPN and RSA on demand tokens

Go to solution
kristofer
Level 1
Level 1

‎12-20-2012 03:32 PM

Hi

I have tried scouring the web and can find nothing on how to get this working. We have our SSL VPN using RSA atm but would also like to be able to use the on demand version as well.

I have not been able to find any doco on how to enable this.

Any help in pointing me in the right direction would be great thanks

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎12-21-2012 12:50 AM

Kris,

Any username/password authentication is (mostly) transparent for ASA.

ASA or any device performing authentication forwards a query containing credentials to the backend server which will respond with either acceptance, a reject or in some cases a challange.

One notable exception on RSA side is Adaptive Authentication (sometimes called tokenless) which requires additional customization on ASA.

The folks on RSA side are a smart bunch they can typically answer how their solution integrates with different vendors/solutions. If I'm readying this correctly (what I could find with a quick query) there are no additional considerations on ASA side save for defining the right server and pointing it as the authnetication service (and if needed NAT/ACL to allow users access to the server where you can request the token to be sent - typically in a DMZ).

I'm basing this on:

http://www.rsa.com/products/securid/datasheets/9240_SIDODA_DS_0310.pdf

and

http://www.rsa.com/experience/sid/ondemand.swf

M.

View solution in original post

0 Helpful

Go to solution
viyuan700
Level 5
Level 5

‎12-23-2012 10:56 PM

For RSA On demand Token there is NO config on ASA .Depending on how you want to deliver token by email or SMS you need to make changes in RSA Authentication Server  In Security Console you need to configure and also enable on demand in user profile. But all changes are in RSA

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎12-21-2012 12:50 AM

Kris,

Any username/password authentication is (mostly) transparent for ASA.

ASA or any device performing authentication forwards a query containing credentials to the backend server which will respond with either acceptance, a reject or in some cases a challange.

One notable exception on RSA side is Adaptive Authentication (sometimes called tokenless) which requires additional customization on ASA.

The folks on RSA side are a smart bunch they can typically answer how their solution integrates with different vendors/solutions. If I'm readying this correctly (what I could find with a quick query) there are no additional considerations on ASA side save for defining the right server and pointing it as the authnetication service (and if needed NAT/ACL to allow users access to the server where you can request the token to be sent - typically in a DMZ).

I'm basing this on:

http://www.rsa.com/products/securid/datasheets/9240_SIDODA_DS_0310.pdf

and

http://www.rsa.com/experience/sid/ondemand.swf

M.

0 Helpful

Go to solution
viyuan700
Level 5
Level 5

‎12-23-2012 10:56 PM

For RSA On demand Token there is NO config on ASA .Depending on how you want to deliver token by email or SMS you need to make changes in RSA Authentication Server  In Security Console you need to configure and also enable on demand in user profile. But all changes are in RSA

0 Helpful

Go to solution
kristofer
Level 1
Level 1

‎12-26-2012 03:28 PM

thanks everyone, issue resolved

0 Helpful
Customers Also Viewed These Support Documents