Hi everyone,
I have the following question:
I have an RSA MFA environment (Cloud + 2 IDR), where I need to provide a second authentication factor for SSL VPN users (fortinet, checkpoint, ASA cisco, however, the RADIUS server for these platforms is the ISE cisco.
How can I add a second authentication factor for these SSL VPN accounts and that Cisco ISE continues to be the RADIUS server? That is, just add MFA for authentication.
Thank you very much for your time!
Regards,
Hi Mauricio,
I your case you can configure ISE to radius client to our IDR.
fortinet, checkpoint, ASA cisco used ISE (as radius server) and in over side ISE used RSA IDR as a radius server.
Ange.
Thank you very much to both of you, I am still in the testing phase of Radius Client. I enabled a Radius Client in the cloud and I tried to generate the connection with a fw and different Radius clients without success. I have followed the RSA documentation but I cannot generate remote user authentication with IDR as a Radius Server.
If you are still having trouble getting a successful RADIUS authentication, have you tried using enabling RADIUS debug to generate logs and use a RADIUS test client like NTRadPing? 000014905 - Performing RADIUS authentication tests with NTRadPing to RSA Authentication Manager and 000027040 - How to set PINs and navigate Next Tokencode Mode for RSA SecurID Tokens using NTRadPing will assist you in testing.
If you are still having an issue, please contact RSA Customer Support so you can work with a support engineer for assistance.
Regards,
Erica
Hi mauricio perez - to get additional MFA authentication in your environment you would need to target the RADIUS clients at your IDRs' embedded RADIUS servers.
Please take a look at High-Level Authentication Flow for RADIUS for the Cloud Authentication Service.
Hope that is helpful,
Ted