?
Solved

How to integrate RSA & VPN  using cisco ASA 5510 & remote internet client?

Posted on 2009-07-06
5
Medium Priority
?
2,256 Views
Last Modified: 2012-05-07
integrate RSA & VPN  using cisco ASA 5510 & remote internet client
0
Comment
Question by:rajeshgc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 24783764
0
 
LVL 10

Expert Comment

by:stsonline
ID: 24808918
You can define your RSA server as an AAA server of type 'sdi' and use it to authenticate your VPN users just like a RADIUS or LDAP server.

*** RSA does not use a PSK, it downloads an encrypted *.sdi file on first connect
aaa-server RSA_VPN protocol sdi
aaa-server RSA_VPN host <primary>
aaa-server RSA_VPN host <backup>

Then set your tunnel group to authenticate against the RSA server(s):

tunnel-group rsa_ra_vpn general-attributes
authentication-server-group RSA_VPN

0
 

Author Comment

by:rajeshgc
ID: 24856788
Hi Ikalmar....
Ur reference is really very good....really thanks a lot for the URL...
Regards
Rajesh

Hi stsonline.....
Reallyfirst of all i'ld like to  thank u a lot for ur nice effort...
But as a beginner am not able to understand the whole thing...
Could u please explain it in details regarding "how to integrate csico ASA5510 & RSA?"
Did u implemented it anywhere? or is it the right thing to integrate it for good security purpose.?
plz do let me know....

Thanks & Regards
Rajesh
0
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 2000 total points
ID: 24856829
HI,

Please refer this page for mor information:
http://filedb.experts-exchange.com/incoming/2008/09_w36/56525/CiscoPIX-701-AuthMan6.pdf

SDI Server Support

The security appliance can use RSA SecureID servers for VPN authentication. These servers are also known as SDI servers. When a user attempts to establish VPN access and the applicable tunnel-group record specifies a SDI authentication server group, the security appliance sends to the SDI server the username and one-time password and grants or denies user access based on the response from the server.

0

Featured Post

WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question