Can Vasco and RSA token authentication co-exist?

Posted on 2009-04-28
Medium Priority
Last Modified: 2012-05-06
We currently have around 100 RSA secure ID token which are currently very popular among our user base. They use these tokens to connect via Citrx Secure Gateway over the Internet to a Citrix application server.  Management has decided that RSA is too expensive and do not wish to invest in any more tokens for additional users.

So we are looking for a cheaper solution - In this case, we are looking at Vasco. From what I understand, if we decided to switch to Vasco, we would be unable to use the existing RSA tokens to access the Citrix system. This would mean we would have to throw away our existing RSA tokens and purchase a whole set of Vasco ones. Spending money to save money.

Is it possible to authenticate on the Citrix Secure Gateway using either RSA or Vasco tokens? If not, can anyone suggest a way or use for the already paid for RSA tokens?

Question by:netadminsge
  • 2
  • 2
LVL 33

Expert Comment

by:Dave Howe
ID: 24257986
As I understand it - Yes. the VACMAN solution allows for it to "backend" any radius authentication attempts it doesn't find in its database to another radius server, which could be (in this scenario) your existing RSA solution.

I must admit I haven't tried this though. Might be worth you getting a vasco eval in (they do time limited licence eval kits, and the vacman software will install easily and happily to any windows machine running 2000 or better) and building a trial setup so you can be sure it will work before you part with any cash :)

Author Comment

ID: 24265662
Thanks for the suggestion. I'll try and organise a trial with VASCO and see what we can do. I was hesitent in trying this because it may break the RSA solution with has become a critical production system.

In the mean time I'll leave this question open in case anyone else has further information or suggestions.
LVL 33

Accepted Solution

Dave Howe earned 1500 total points
ID: 24267968
actually, it won't.

Consider the following test setup:

[your current access solution]
[your current RSA solution]

now build, in parallel:

[standard Vasco radius test utility (on workstation)]
[New trial vasco server (on workstation)]
[your current RSA Solution (using second radius shared secret]

all you need for the test is one XP workstation - that's it (obviously, in production you would want that to be a "real" server but for a test setup a workstation is fine).

you can then use the test utility to test-login a number of rsa users - you don't even have to test vasco ones, as the main thing you are testing is the RSA passthough.

if you aren't happy, uninstall the vasco software from the workstation, remove the paring from the RSA server, and no harm done.

Author Comment

ID: 24275141
That's a good idea. I guess it dosn't really matter what it authenticates to, just that it authenticates RSA tokens.

I'm trying to arrange a Vasco trial now and will try that setup once I've got it all organised.

Thanks for your suggestions.

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
You have missed a phone call. The number looks like it belongs to the bunch of numbers which your company uses. How to find out who has just called you?
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question