This section describes how to integrate Forescout with RSA Authentication Manager using RADIUS.
Architecture Diagram
Configure RSA Authentication Manager
To configure your RSA Authentication Manager for use with a RADIUS Agent, you must configure a RADIUS client and a corresponding agent host record in the Authentication Manager Security Console.
The relationship of agent host record to RADIUS client in the Authentication Manager can 1 to 1, 1 to many or 1 to all (global).
RSA Authentication Manager listens on ports UDP 1645 and UDP 1812.
Configure Forescout
Perform these steps to configure Forescout as a RADIUS client to RSA Authentication Manager.
Procedure
1. Sign in to Forescout admin console and click Options> Tools > VPN and click Add.
2. Add the Cisco ASA device information and click Next.
3. Configure the access credentials for the Cisco ASA and click Next.
4. Configure the RSA Authentication Manager RADIUS settings and click Finish.
- Local RADIUS Port: This should match the RADIUS port as configured on Cisco ASA.
- RADIUS Server Address: Enter the IP address of the RSA Authentication Manager server.
- RADIUS Server Port: Enter 1812 or 1645.
- RADIUS Shared Secret: Enter the RADIUS shared secret as specified in the RADIUS client in RSA Authentication Manager Security Console.
Configuration is complete
Return to the main page for more certification related information.