Can Vasco and RSA token authentication co-exist?

Posted on 2009-04-28
Last Modified: 2012-05-06
We currently have around 100 RSA secure ID token which are currently very popular among our user base. They use these tokens to connect via Citrx Secure Gateway over the Internet to a Citrix application server.  Management has decided that RSA is too expensive and do not wish to invest in any more tokens for additional users.

So we are looking for a cheaper solution - In this case, we are looking at Vasco. From what I understand, if we decided to switch to Vasco, we would be unable to use the existing RSA tokens to access the Citrix system. This would mean we would have to throw away our existing RSA tokens and purchase a whole set of Vasco ones. Spending money to save money.

Is it possible to authenticate on the Citrix Secure Gateway using either RSA or Vasco tokens? If not, can anyone suggest a way or use for the already paid for RSA tokens?

Question by:netadminsge
    LVL 33

    Expert Comment

    by:Dave Howe
    As I understand it - Yes. the VACMAN solution allows for it to "backend" any radius authentication attempts it doesn't find in its database to another radius server, which could be (in this scenario) your existing RSA solution.

    I must admit I haven't tried this though. Might be worth you getting a vasco eval in (they do time limited licence eval kits, and the vacman software will install easily and happily to any windows machine running 2000 or better) and building a trial setup so you can be sure it will work before you part with any cash :)

    Author Comment

    Thanks for the suggestion. I'll try and organise a trial with VASCO and see what we can do. I was hesitent in trying this because it may break the RSA solution with has become a critical production system.

    In the mean time I'll leave this question open in case anyone else has further information or suggestions.
    LVL 33

    Accepted Solution

    actually, it won't.

    Consider the following test setup:

    [your current access solution]
    [your current RSA solution]

    now build, in parallel:

    [standard Vasco radius test utility (on workstation)]
    [New trial vasco server (on workstation)]
    [your current RSA Solution (using second radius shared secret]

    all you need for the test is one XP workstation - that's it (obviously, in production you would want that to be a "real" server but for a test setup a workstation is fine).

    you can then use the test utility to test-login a number of rsa users - you don't even have to test vasco ones, as the main thing you are testing is the RSA passthough.

    if you aren't happy, uninstall the vasco software from the workstation, remove the paring from the RSA server, and no harm done.

    Author Comment

    That's a good idea. I guess it dosn't really matter what it authenticates to, just that it authenticates RSA tokens.

    I'm trying to arrange a Vasco trial now and will try that setup once I've got it all organised.

    Thanks for your suggestions.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    PRTG Network Monitor: Intuitive Network Monitoring

    Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

    Suggested Solutions

    This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
    ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now