FWeston
asked on
RSA SecurID 6.1 RADIUS Server Configuration
I'm using a SecurID appliance together with my Cisco ASA to authenticate VPN users. I also have a Cisco wireless LAN controller, and would like to use SecurID to authenticate WLAN users. Problem is, the ASA supports SecurID's native SDI authentication mode, but the WLC only supports RADIUS.
I found a Cisco guide, which details how to get the WLC talking to SecurID via RADIUS, but I've run into a problem when setting up the built-in SecurID RADIUS server. In Authentication Manager, under the RADIUS menu, I select Manage RADIUS Server, and receive the warning message 'RADIUS Server has not been configured'.
I've Googled this and come up empty. I do not have a current RSA support agreement, but I contacted my sales rep, and he told me that the RADIUS server is included with the appliance, so I should already have everything I need. I just need a guide or some help on getting the SecurID RADIUS server working.
I found a Cisco guide, which details how to get the WLC talking to SecurID via RADIUS, but I've run into a problem when setting up the built-in SecurID RADIUS server. In Authentication Manager, under the RADIUS menu, I select Manage RADIUS Server, and receive the warning message 'RADIUS Server has not been configured'.
I've Googled this and come up empty. I do not have a current RSA support agreement, but I contacted my sales rep, and he told me that the RADIUS server is included with the appliance, so I should already have everything I need. I just need a guide or some help on getting the SecurID RADIUS server working.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Determined that RADIUS server is a separate piece of software that must be downloaded from RSA.
First thing you have to make sure is that you add the cisco wireless LAN controller's IP as a client on the RADIUS server that came with secureID with a secert (password that is used to authenticate the messages).
Check the log on the radius server to see whether you were getting errors dealing with invalid/unknown client, ignoring message
Presumably RSA has a knowledge base/guides for just such an occasions.
http://www.rsa.com/rsasecured/guides/imp_pdfs/Cisco_PIX_702_AuthMan61.pdf
Is an example of configuring the Appliance to be used with a PIX.
What options are available within the appliance that deal with configuring/enabling RADIUS?