This section contains instructions on how to integrate Cisco ASA with RSA Cloud Authentication Service using RADIUS.

Architecture Diagrams

RSA Cloud Authentication Service

To configure RADIUS for Cloud Authentication Service for use with a RADIUS client, you must first configure a RADIUS client in the RSA SecurID Access Console.

Logon to the RSA Cloud Administrative Console and browse to Authentication Clients > RADIUS > Add RADIUS Client and enter the Name, IP Address and Shared Secret.

Click Publish.

Cisco ASA

Follow the steps in this section to integrate Cisco ASA with RSA SecurID Access as a RADIUS client.

Procedure

1. Login to Cisco ASDM and browse to Configuration > Device Management > Users/AAA > AAA Server Groups and click Add.

2. Enter a name for the AAA Server Group, choose RADIUS from the Protocol drop-down menu and click OK.

3. Highlight your RADIUS AAA Server Group and click to Add a server to the group.

4. Configure the RADIUS AAA server settings and click OK.

• Interface Name: Select the interface that will be used to communicate with RSA SecurID Access.
• Server Name or IP Address: Enter the Server Name or IP address of your RSA Identity Router.
• Timeout: Set to 60 seconds.
• Server Authentication Port: Set to 1812.
• Server Secret Key: Enter the RADIUS shared secret.  It must match the secret as entered in the RSA Cloud Administration Console.

Repeat steps 3 and 4 for replica RSA Identity Routers.

6. Click Apply.

Next Step: Proceed to the Use Case Configuration Summary section for information on how to apply the RADIUS configuration to your use case.