Cisco ASA - RADIUS Configuration with Authentication Manager - RSA Ready Implementation Guide
a year ago

This article describes how to integrate Cisco ASA with RSA Authentication Manager using RADIUS. Cisco ASA is managed by Cisco’s cloud firewall management solution known as Cisco Defense Orchestrator (CDO).

 

Configure RSA Authentication Manager

Perform these steps to configure RSA Authentication Manager using RADIUS.
Procedure

  1. Sign in to the Security Console and navigate to RADIUS > RADIUS Client.
  2. Click Add New and provide the following details.
    1. Client Name: Give any suitable name.
    2. ANY client: Select the checkbox.
    3. IP Address Type: IPv4.
    4. IPv4 Address: Management IP or Data-Interface IP address of the Secure ASA firewall.
    5. Make/Model: Standard Radius.
    6. Shared Secret: Enter the same secret that is configured on the Cisco side.
  3. Click Save.

  

Configure Cisco Secure ASA using Cisco Defense Orchestrator

Perform these steps to configure Cisco Secure ASA AnyConnect.
Procedure

  1. Sign in to CDO and browse to Objects.
  2. Click the + icon to create a new object.
  3. On the Add ASA Identity Source page, provide the following details and click Continue.
    1. Define the Object Name for RADIUS Server Group.
    2. Select the Device Type in the drop-down list. 
    3. Select the RADIUS Server Group as the Identity Source Type.
       
  4. Click the + icon to define the RADIUS Server.
  5. Click Create New Radius Server.
  6. Provide the RADIUS Server Object Name, select the Device Type, enter the Server Name or IP Address of the primary Authentication Manager machine, and provide the Authentication Port and Server Secret Key.
  7. Click Add.
  8. Select the newly created RADIUS Server within the RADIUS Server Group.
  9. Save the RADIUS Server Group settings.
  10. Sign in to CDO, browse to VPN > ASA/FDM Remote Access VPN Configuration > AnyConnect Connection Profiles and edit your profile.
  11. For RADIUS, select AAA Only in the Authentication Type drop-down list and select your AAA Server Group in the Primary Identity Source for User Authentication drop-down list.
  12. Click Continue.

The Primary Identity Source for User Authentication drop-down list must contain at least one entry. Add one if unavailable, and click OK.

 


The configuration is complete.
