Configure a Static Route to RSA Authentication Manager

Document created by RSA Information Design and Development on Jul 14, 2016Last modified by RSA Information Design and Development on Sep 15, 2017
Version 18Show Document
  • View in full screen mode
  

The Super Admin for the Cloud Authentication Service must configure static routes to restrict communication between a specific Authentication Manager server or network of servers and one identity router. You can configure either of the following:

  • If Authentication Manager servers are on different networks, configure a static route for each identity router in your deployment to each Authentication Manager server.
  • If all Authentication Manager servers are on the same network, configure one static route for each identity router in your deployment going to that network to restrict the connections for the entire Authentication Manager deployment.

To download complete integration instructions, see Integrating the Cloud Authentication Service and RSA Authentication Manager on RSA Link at https://community.rsa.com/docs/DOC-53954.

Note:  Perform this task each time Authentication Manager servers are added or removed.

 

Before you begin 

 
  • You must be a Super Admin in the Cloud Administration Console for the Cloud Authentication Service.
  •   Ensure that your network allows outbound TCP traffic from the identity router to the Authentication Manager server on port 5500.

Procedure 

 
  1. In the Cloud Administration Console, click Platform > Identity Routers.
  2. Next to the identity router name, select Edit.
  3. Click Next Step to access the Settings page.
  4. In the Static Routes section, do the following. See the RSA SecurID Access Solution Architecture Workbook for the RSA Authentication Manager server IP addresses.  
    • To restrict an individual Authentication Manager server to the identity router management interface, enter these settings:
      • IP Address:<Authentication Manager Server IP Address>

        For example, 192.168.20.7

      • Network Mask: 255.255.255.255
      • Gateway:<Default Gateway for Identity Router Management Interface>

        For example: 10.10.10.1

        Device: Private

    • To restrict a network containing all Authentication Manager servers, use these settings:
      • IP Address:<Authentication Manager Server Network>

        For example, 192.168.20.0

      • Network Mask:<Network Mask for Authentication Manager Server Network>

        For example, 255.255.255.128

      • Gateway:<Default Gateway for Identity Router Management Interface>

        For example: 10.10.10.1

        Device: Private

  5. Click Add.
  6. Click Next Step.
  7. Click Save and Finish.
  8. Repeat step 2 through step 6 for each identity router in your deployment.
  9. Click Publish Changes.

After you finish 

A Super Admin for RSA Authentication Manager must Generate the Authentication Manager Configuration File.

 

 

You are here
Table of Contents > RSA Authentication Manager Integration > Configure a Static Route to RSA Authentication Manager

Attachments

    Outcomes