Forescout 8.0 - RADIUS with AM Configuration - RSA Ready SecurID Access Implementation Guide

Document created by RSA Information Design and Development Employee on Aug 23, 2019
Version 1Show Document
  • View in full screen mode

This section describes how to integrate Forescout with RSA Authentication Manager using RADIUS.

Architecture Diagram

Configure RSA Authentication Manager

To configure your RSA Authentication Manager for use with a RADIUS Agent, you must configure a RADIUS client and a corresponding agent host record in the Authentication Manager Security Console.

The relationship of agent host record to RADIUS client in the Authentication Manager can 1 to 1, 1 to many or 1 to all (global).

RSA Authentication Manager listens on ports UDP 1645 and UDP 1812.


Configure Forescout

Perform these steps to configure Forescout as a RADIUS client to RSA Authentication Manager.


1. Sign in to Forescout admin console and click OptionsTools > VPN and click Add.

2. Add the Cisco ASA device information and click Next.

3. Configure the access credentials for the Cisco ASA and click Next.

4. Configure the RSA Authentication Manager RADIUS settings and click Finish.

  1. Local RADIUS Port: This should match the RADIUS port as configured on Cisco ASA.
  2. RADIUS Server Address: Enter the IP address of the RSA Authentication Manager server.
  3. RADIUS Server Port: Enter 1812 or 1645.
  4. RADIUS Shared Secret: Enter the RADIUS shared secret as specified in the RADIUS client in RSA Authentication Manager Security Console.


Configuration is complete


Return to the main page for more certification related information.