SecurID® Discussions

XiaoliDing
Beginner

how to access self-service interface using public IP address


We have an RSA SecurID 8.2 deployed on a virtual machine. During installation, the host name for internal access and the private IP address were used for this server. But later, the client wants to allow end users to access the self-service console from the Internet. To do that, a host name for external access and a public IP address will be used. They don't plan to configure NAT for this situation. They only open the firewall to allow access to the server via the public IP address. But the server was initially configured with the private IP and internal host name, so it does not respond to external access to the self-service console (via port 7004). What should we do about this situation? Please suggest, thanks.

And below is what the client said:


"we are not doing a NAT on the firewall. We are expecting the 169.x.x.x address (public) to be accessible and simply allowing the traffic through the firewall. The 10.x.x.x address (private, server was installed with this IP) should not be in play for the publicly accessible self service tool."

0 Likes
27 Replies

RSA Auth Man auto-redirects to the FQDN when you use the IP address.

You need to add DNS entries for the second

0 Likes

Sorry got cut off.

You need to add DNS entries for the second IP address on all of your DNS servers.

Darren

0 Likes

Hello Xiaoli,

You have to hit the system via fqdn, IP will never work properly. Sounds like you're making headway.

~Chris

0 Likes

I have requested DNS changes so that FQDN can be used to access the self-service console. In this environment, it takes some time to make this happen, I am trying to push this request forward. Will let you know when this happens.

Thanks,

Xiao-Li Ding
Information Security Consultant and IT Architect
MS in Computer Science, CISSP, CISA, MBA
IBM Security Services, NA
xding@us.ibm.com
(678) 248-3727

0 Likes

Chris,

Here is the latest email message I sent to RSA support. Please take a look.

Thanks,

Xiao-Li Ding


0 Likes

Hi Chris,

The original message I sent to Darren failed to deliver, as you can see below:

Your message:
Re: - Re: how to access self-service interface using public IP address
was not delivered to:
jive-1820889909-lnn-2-iyq9@mail.rsa.jiveon.com
because:
553 <jive-1820889909-lnn-2-iyq9@mail.rsa.jiveon.com> address unknown.

So, please take charge and reply to my message.

Thank you very much!

Xiao-Li Ding


0 Likes

Xiaoli Ding,

If you follow the RSA SecurID Suite space via your Inbox, emails will come to you from no-reply@rsa.com. If you try to reply to the email, the To field changes to an address with a domain of mail.rsa.jive.com. The actual address will be a string unique to that thread or post. The email address is listed as In your case the alias was jive-1820889909-lnn-2-iyq9@mail.rsa.jiveon.com, as you noted above.

Replying to those emails posts the response in the thread but does not send an email directly to the person you intended. As you can see in the header info, when you replied to the email, it came back with a message of address unknown.

A reply to that email will be sent to the thread and not to the specific person you intended to email, unless their email address is in the To field. Alternatively, you can DM the person.

 

Regards,
Erica

Hi Chris, Darren and Eva,

As I have clarified, the direct access approach is the preferred approach by the client.

So we would need to access the self-service console from the Internet directly using an external FQDN that has been added to the DNS system, and mapped to a public IP address of the RSA server.

We have two RSA instances, one for primary and another for replica:

A secondary NIC has been configured on the VMWare server for each of the RSA appliances, and public IPs have been assigned to that secondary NIC as you can see below:

In the RSA network configuration, the second NIC has been connected and enabled with the public IP address. But the fully qualified domain name of the primary appliance is still the private FQDN of the appliance, this is the result of the initial installation and configuration:

Our problem now is:

When we access the self-service console from the Internet using the https://external-fqdn/ssc, we can get to the self-service console directly, meaning hitting the secondary NIC of the RSA server, but the redirect URLs will always contain the private FQDN with the machine name in it, this is not what we want. We want the redirect URLs to only contain the external FQDN because it can be recognized from the Internet.

Please suggest what configuration changes we should make to achieve the result we want.

Thanks,

Xiao-Li Ding


0 Likes
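
A check for the symptom described in the post above, added here as an example (it is not part of the original thread and not RSA tooling): given the redirect hops recorded while loading the self-service console through the external name, it flags every `Location` header whose host is not the external FQDN. The host names, paths under `/ssc` and the sample hops are constructed placeholders.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def classify_host(host, external_fqdn):
    """Classify a redirect target host against the expected external FQDN."""
    host = (host or "").lower().rstrip(".")
    if host == external_fqdn.lower():
        return "ok"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A different name, e.g. the appliance's internal FQDN leaking out.
        return "other-host"
    return "private-ip" if ip.is_private else "ip-literal"

def audit_redirects(hops, external_fqdn):
    """hops: (request_url, status, location_or_None) tuples from a capture.
    Returns (request_url, resolved_target, verdict) for each bad redirect."""
    findings = []
    for url, status, location in hops:
        if status not in REDIRECT_CODES or not location:
            continue
        # A relative Location inherits the host the client actually used.
        target = urljoin(url, location)
        verdict = classify_host(urlsplit(target).hostname, external_fqdn)
        if verdict != "ok":
            findings.append((url, target, verdict))
    return findings

# Constructed sample capture: names and paths are placeholders.
EXTERNAL = "ssc.example.com"
SAMPLE_HOPS = [
    ("https://ssc.example.com:7004/ssc", 302, "/ssc/login"),
    ("https://ssc.example.com:7004/ssc/login", 302,
     "https://rsa-primary.corp.internal:7004/ssc/login"),
    ("https://ssc.example.com:7004/ssc/home", 302,
     "https://10.0.0.5:7004/ssc/home"),
    ("https://ssc.example.com:7004/ssc/done", 200, None),
]

if __name__ == "__main__":
    for src, target, verdict in audit_redirects(SAMPLE_HOPS, EXTERNAL):
        print(f"{verdict}: {src} -> {target}")
```

Besides being unreachable from the Internet, a redirect that names the internal host or a private address also discloses internal naming to external users, so both are reported.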

Have to change the subject line to send to the RSA_Customer_Support.

Xiao-Li Ding


0 Likes

Hi There,

Have not received any response from RSA after I sent out a couple of email messages last week.

Can someone send me a personal phone number or call my cell phone number 678-200-8158. I need to have a direct conversation instead of exchanging email messages with support people who constantly change names.

When you call my cell phone number, in case I cannot pick up the call, please leave a voice message.

Thanks,

Xiao-Li Ding


0 Likes