Firewall Wizards mailing list archives
Re: Cisco ASA 8.0(3) with RSA SecurID
From: "Pedro Henrique Morsch Mazzoni" <phmazzoni () gmail com>
Date: Wed, 26 Nov 2008 15:15:09 -0200
Maybe you could try Cisco ACS to centralize your AAA. It´s not that good but it has no substitute to all features it delivers. Cisco ACS will pass authentication requestes to RSA and will deal with authorization and accounting. Regards, Pedro Mazzoni 2008/11/26 Todd Simons <tsimons () delphi-tech com>
We ended up configuring RSA/SDI for Authentication, and our ActiveDirectory via LDAP for authorization -----Original Message----- From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of James Michael Keller Sent: Tuesday, November 25, 2008 2:47 PM To: Firewall Wizards Security Mailing List Subject: Re: [fw-wiz] Cisco ASA 8.0(3) with RSA SecurID Craig Van Tassle wrote:On Mon, 15 Sep 2008 13:59:47 -0400 "Todd Simons" <tsimons () delphi-tech com> wrote:Hello All We're starting to evaluate the ASA 5500 series to replace ourexistingfirewalls. On our current firewalls we use RSA tokens for Authentication and WindowsAD for group Authorization. Is this possible with the ASA? ~Todd ## Scanned by Delphi Technology, Inc. ##I'm not totally sure about the RSA. I believe that is can be done. As for the AD integration that is easily done. You just have to configure the ASA to use LDAP which is not hard at all.Responding to old thread, but didn't see any follow up .... SDI is the RSA SecurID protocol. We ended up enabling the Radius server on the RSA ACE servers and are using radius instead, the intention was to be able to export group information to use in dynamic ACLs, but the version of ACE we where on could not support that. SDI native doesn't have a group token. Then we changed the default template to refer to Passcodes instead of Passwords. in the login dialogs. -- James Michael Keller _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards ## Scanned by Delphi Technology, Inc. ## _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Cisco ASA 8.0(3) with RSA SecurID James Michael Keller (Nov 26)
- Re: Cisco ASA 8.0(3) with RSA SecurID Todd Simons (Nov 26)
- Re: Cisco ASA 8.0(3) with RSA SecurID Pedro Henrique Morsch Mazzoni (Nov 26)
- Re: Cisco ASA 8.0(3) with RSA SecurID Todd Simons (Nov 26)