Re: [fw-wiz] Cisco ASA 8.0(3) with RSA SecurID



Maybe you could try Cisco ACS to centralize your AAA. It´s not that good but
it has no substitute to all features it delivers.
Cisco ACS will pass authentication requestes to RSA and will deal with
authorization and accounting.

Regards,
Pedro Mazzoni

2008/11/26 Todd Simons <tsimons@xxxxxxxxxxxxxxx>

We ended up configuring RSA/SDI for Authentication, and our
ActiveDirectory via LDAP for authorization

-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of
James Michael Keller
Sent: Tuesday, November 25, 2008 2:47 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] Cisco ASA 8.0(3) with RSA SecurID

Craig Van Tassle wrote:
On Mon, 15 Sep 2008 13:59:47 -0400
"Todd Simons" <tsimons@xxxxxxxxxxxxxxx> wrote:


Hello All



We're starting to evaluate the ASA 5500 series to replace our
existing
firewalls. On our current firewalls we use RSA tokens for
Authentication and WindowsAD for group Authorization. Is this
possible with the ASA?



~Todd


## Scanned by Delphi Technology, Inc. ##


I'm not totally sure about the RSA. I believe that is can be done. As
for the AD integration that is easily done. You just have to configure
the ASA to use LDAP which is not hard at all.


Responding to old thread, but didn't see any follow up ....

SDI is the RSA SecurID protocol. We ended up enabling the Radius
server on the RSA ACE servers and are using radius instead, the
intention was to be able to export group information to use in dynamic
ACLs, but the version of ACE we where on could not support that. SDI
native doesn't have a group token.

Then we changed the default template to refer to Passcodes instead of
Passwords. in the login dialogs.

--
James Michael Keller

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

## Scanned by Delphi Technology, Inc. ##
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


Relevant Pages