Solved

How to integrate RSA & VPN  using cisco ASA 5510 & remote internet client?

Posted on 2009-07-06
5
2,239 Views
Last Modified: 2012-05-07
integrate RSA & VPN  using cisco ASA 5510 & remote internet client
0
Comment
Question by:rajeshgc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 24783764
0
 
LVL 10

Expert Comment

by:stsonline
ID: 24808918
You can define your RSA server as an AAA server of type 'sdi' and use it to authenticate your VPN users just like a RADIUS or LDAP server.

*** RSA does not use a PSK, it downloads an encrypted *.sdi file on first connect
aaa-server RSA_VPN protocol sdi
aaa-server RSA_VPN host <primary>
aaa-server RSA_VPN host <backup>

Then set your tunnel group to authenticate against the RSA server(s):

tunnel-group rsa_ra_vpn general-attributes
authentication-server-group RSA_VPN

0
 

Author Comment

by:rajeshgc
ID: 24856788
Hi Ikalmar....
Ur reference is really very good....really thanks a lot for the URL...
Regards
Rajesh

Hi stsonline.....
Reallyfirst of all i'ld like to  thank u a lot for ur nice effort...
But as a beginner am not able to understand the whole thing...
Could u please explain it in details regarding "how to integrate csico ASA5510 & RSA?"
Did u implemented it anywhere? or is it the right thing to integrate it for good security purpose.?
plz do let me know....

Thanks & Regards
Rajesh
0
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 500 total points
ID: 24856829
HI,

Please refer this page for mor information:
http://filedb.experts-exchange.com/incoming/2008/09_w36/56525/CiscoPIX-701-AuthMan6.pdf

SDI Server Support

The security appliance can use RSA SecureID servers for VPN authentication. These servers are also known as SDI servers. When a user attempts to establish VPN access and the applicable tunnel-group record specifies a SDI authentication server group, the security appliance sends to the SDI server the username and one-time password and grants or denies user access based on the response from the server.

0

Featured Post

How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question