SecurID® Discussions

Mauro
Occasional Contributor

RSA MFA integration with Cisco ISE

Hi everyone,

I have the following question:

I have an RSA MFA environment (Cloud + 2 IDR), where I need to provide a second authentication factor for SSL VPN users (Fortinet, Check Point, Cisco ASA); however, the RADIUS server for these platforms is Cisco ISE.

How can I add a second authentication factor for these SSL VPN accounts while Cisco ISE continues to be the RADIUS server? That is, just add MFA for authentication.

Thank you very much for your time!

Regards,

TedBarbour
Employee

Hi mauricio perez - to get additional MFA authentication in your environment you would need to target the RADIUS clients at your IDRs' embedded RADIUS servers.

Please take a look at High-Level Authentication Flow for RADIUS for the Cloud Authentication Service.

Hope that is helpful,

Ted

AngeOAmbemou
Occasional Contributor

Hi Mauricio,

In your case you can configure ISE as a RADIUS client to our IDR.

Fortinet, Check Point and Cisco ASA use ISE (as RADIUS server), and on the other side ISE uses the RSA IDR as a RADIUS server.

Ange.

Mauro
Occasional Contributor

Thank you very much to both of you. I am still in the testing phase of the RADIUS client. I enabled a RADIUS client in the cloud and I tried to generate the connection with a fw and different RADIUS clients without success. I have followed the RSA documentation but I cannot generate remote user authentication with IDR as a RADIUS server.

_EricaChalfin
Employee (Retired)

mauricio perez,

If you are still having trouble getting a successful RADIUS authentication, have you tried enabling RADIUS debug to generate logs and using a RADIUS test client like NTRadPing? 000014905 - Performing RADIUS authentication tests with NTRadPing to RSA Authentication Manager and 000027040 - How to set PINs and navigate Next Tokencode Mode for RSA SecurID Tokens using NTRadPing will assist you in testing.

If you are still having an issue, please see How to contact RSA Customer Support so you can work with a support engineer for assistance.

Regards,

Erica
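
The kind of RADIUS test suggested in the reply above, as an added example that is not part of the thread and not RSA or Cisco code: a minimal Python sketch of a PAP Access-Request per RFC 2865 that also verifies the Response Authenticator, so a shared-secret mismatch can be told apart from a real reject or a silent drop. The host, user name, passcode, shared secret and UDP port 1812 are assumptions to replace with your own values.

```python
import hashlib, hmac, os, socket, struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_access_request(user: str, passcode: str, secret: bytes, ident: int = 1):
    """Return (packet, request_authenticator) for a PAP Access-Request.
    Omits Message-Authenticator (RFC 2869), which some servers require."""
    authenticator = os.urandom(16)
    values = ((1, user.encode()),                                            # User-Name
              (2, hide_password(passcode.encode(), secret, authenticator)))  # User-Password
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in values)
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))  # code 1 = Access-Request
    return header + authenticator + attrs, authenticator

def check_response(response: bytes, request_auth: bytes, secret: bytes, ident: int) -> str:
    """Verify the Response Authenticator (RFC 2865 section 3), then name the reply."""
    if len(response) < 20:
        return "malformed"
    code, rid, length = struct.unpack("!BBH", response[:4])
    if length < 20 or length > len(response):
        return "malformed"
    response = response[:length]
    expected = hashlib.md5(response[:4] + request_auth + response[20:] + secret).digest()
    if rid != ident or not hmac.compare_digest(expected, response[4:20]):
        return "bad authenticator (shared secret mismatch or spoofed reply)"
    return CODES.get(code, f"unexpected code {code}")

def probe(host: str, user: str, passcode: str, secret: bytes, port: int = 1812) -> str:
    """Send one request. Servers silently discard requests from unknown clients,
    so "no reply" points at the RADIUS client entry or UDP filtering."""
    packet, request_auth = build_access_request(user, passcode, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(5)
        s.sendto(packet, (host, port))
        try:
            return check_response(s.recv(4096), request_auth, secret, packet[1])
        except socket.timeout:
            return "no reply"
```

Running `probe()` against each hop in turn (the IDR directly, then ISE) shows which leg of the chain drops or rejects the request.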

Mauro
Occasional Contributor

Thanks to all. I made the implementation of RSA CAS as RADIUS server for Cisco ISE (RADIUS client) and in turn, Cisco is RADIUS server for the fw of different vendors; this works perfectly with the necessary tuning.

HassanMehsen
Respected Contributor

@mauricio perez could you please state what the problem was exactly?


Hi Ted - the link for the "High-Level Authentication Flow" is no longer valid - I'm still trying to figure out how to help my Cisco guys connect to our Authentication Mgr using RADIUS.
