sguido

Configuring ASA5510 with RSA secure token authentication

Hello. I have an ASA5510 using LDAP authentication. I've just configured an RSA server and am looking to configure the ASA to use SecurID for authentication. Need help with the config. Thanks.
Pentrix2

Here's the link showing how to do this step by step via ASDM.

http://www.rsa.com/rsasecured/guides/imp_pdfs/Cisco_ASA_AuthMan61.pdf

If you want to know the specific commands for the PIX/ASA:

RSA Authentication Manager:
aaa-server AuthMan6 protocol sdi
 reactivation-mode timed
aaa-server AuthMan6 host 10.100.50.37
 retry-interval 3
 timeout 13

VPN Policy:
ip local pool test 173.16.16.1-173.16.16.254
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
tunnel-group AuthMan6Group type ipsec-ra
tunnel-group AuthMan6Group general-attributes
 address-pool test
 authentication-server-group AuthMan6
tunnel-group AuthMan6Group ipsec-attributes
 pre-shared-key *

RADIUS authentication configuration:
RADIUS Server:
aaa-server inauth protocol radius
aaa-server inauth host 10.100.50.37
 key secret
aaa-server inauth host 10.100.50.36
 key secret
aaa-server inauth host 10.100.50.35
 key secret

VPN Policy:
ip local pool test 173.16.16.1-173.16.16.254
group-policy ScottRAD internal
group-policy ScottRAD attributes
crypto ipsec transform-set RADIUSset esp-3des esp-sha-hmac
crypto dynamic-map RADIUSmap 30 set transform-set RADIUSset
crypto map newmap 30 ipsec-isakmp dynamic RADIUSmap
crypto map newmap interface outside
isakmp enable outside
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash sha
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
tunnel-group ScottRAD type ipsec-ra
tunnel-group ScottRAD general-attributes
 address-pool test
 authentication-server-group inauth
 default-group-policy ScottRAD
tunnel-group ScottRAD ipsec-attributes
 pre-shared-key *
 trust-point torque
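
A quick consistency check for a configuration like the one above, added here as an example (it is not part of the original answer and not Cisco tooling): it maps each tunnel-group to its authentication-server-group and confirms that group has a protocol line and at least one host. The function name `check_auth_linkage` and the sample text are assumptions; the sample is constructed from the answer's commands plus two deliberately broken groups, and only the simple `authentication-server-group <name>` form is handled.

```python
import re

# Constructed sample: commands taken from the answer above, plus one
# deliberately broken tunnel-group ("Orphan") and one host-less group ("empty").
SAMPLE = """\
aaa-server AuthMan6 protocol sdi
aaa-server AuthMan6 host 10.100.50.37
aaa-server inauth protocol radius
aaa-server inauth host 10.100.50.37
aaa-server inauth host 10.100.50.36
aaa-server empty protocol radius
tunnel-group AuthMan6Group general-attributes
 address-pool test
 authentication-server-group AuthMan6
tunnel-group AuthMan6Group ipsec-attributes
 pre-shared-key *
tunnel-group ScottRAD general-attributes
 authentication-server-group inauth
tunnel-group Orphan general-attributes
 authentication-server-group missing
tunnel-group NoHost general-attributes
 authentication-server-group empty
"""

def check_auth_linkage(config):
    """Return (links, problems): tunnel-group -> server group, plus findings."""
    protocols, hosts, links = {}, {}, {}
    current = None  # tunnel-group whose general-attributes block we are in
    for raw in config.splitlines():
        line = raw.strip()  # tolerate pastes that lost their indentation
        if m := re.match(r"aaa-server (\S+) protocol (\S+)", line):
            protocols[m.group(1)] = m.group(2)
        elif m := re.match(r"aaa-server (\S+) (?:\(\S+\) )?host (\S+)", line):
            hosts.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"tunnel-group (\S+) (\S+)", line):
            current = m.group(1) if m.group(2) == "general-attributes" else None
        elif (m := re.match(r"authentication-server-group (\S+)", line)) and current:
            links[current] = m.group(1)
    problems = []
    for tg, grp in sorted(links.items()):
        if grp == "LOCAL":  # built-in local user database, no aaa-server needed
            continue
        if grp not in protocols:
            problems.append(f"{tg}: aaa-server group '{grp}' has no protocol line")
        elif not hosts.get(grp):
            problems.append(f"{tg}: aaa-server group '{grp}' has no host")
    return links, problems

if __name__ == "__main__":
    for finding in check_auth_linkage(SAMPLE)[1]:
        print(finding)
```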

Any updates?