Configure a Static Route to RSA Authentication Manager

Document created by RSA Information Design and Development on Jul 14, 2016Last modified by RSA Information Design and Development on Oct 20, 2017
Version 21Show Document
  • View in full screen mode
  

The Super Admin for the Cloud Authentication Service must configure static routes to restrict communication between a specific Authentication Manager server or network of servers and one identity router. You can configure either of the following:

  • If Authentication Manager servers are on different networks, configure a static route for each identity router in your deployment to each Authentication Manager server.
  • If all Authentication Manager servers are on the same network, configure one static route for each identity router in your deployment going to that network to restrict the connections for the entire Authentication Manager deployment.

You must configure a static route when you initially configure the Cloud Authentication Service to communicate with Authentication Manager, as well as each time an Authentication Manager instance is added or removed from the deployment.

The following graphic shows how the example IP addresses from the procedure are used to configure a static route from an identity router to the Authentication Manager appliance(s).

 

Before you begin 

 
  • You must be a Super Admin in the Cloud Administration Console for the Cloud Authentication Service.
  •   Ensure that your network allows outbound TCP traffic from the identity router to the Authentication Manager server on port 5500.

Procedure 

  1. In the Cloud Administration Console, click Platform > Identity Routers.
  2. Next to the identity router name, select Edit.
  3. Click Next Step to access the Settings page.
  4. In the Static Routes section, do the following. See the RSA SecurID AccessSolution Architecture Workbook for the RSA Authentication Manager server IP addresses.  
    • To restrict an individual Authentication Manager server to the identity router management interface, enter these settings:
      • IP Address:<Authentication Manager Server IP Address>

        For example, 192.168.20.7

      • Network Mask: 255.255.255.255
      • Gateway:<Default Gateway for Identity Router Management Interface>

        For example: 10.10.10.1

        Device: Private

    • To restrict a network containing all Authentication Manager servers, use these settings:
      • IP Address:<Authentication Manager Server Network>

        For example, 192.168.20.0

      • Network Mask:<Network Mask for Authentication Manager Server Network>

        For example, 255.255.255.128

      • Gateway:<Default Gateway for Identity Router Management Interface>

        For example: 10.10.10.1

        Device: Private

  5. Click Add.
  6. Click Next Step.
  7. Click Save and Finish.
  8. Repeat step 2 through step 6 for each identity router in your deployment.
  9. Click Publish Changes.

After you finish 

A Super Admin for RSA Authentication Manager must Generate the Authentication Manager Configuration File.

 

 

 

You are here
Table of Contents > Configure a Static Route to RSA Authentication Manager

Attachments

    Outcomes