AnsweredAssumed Answered

RSA MFA integration with Cisco ISE

Question asked by mauricio perez on Feb 26, 2020
Latest reply on May 24, 2020 by Hassan Mehsen

Like • Show 0 Likes0
Comment • 6

Hi everyone,

I have the following question:

I have an RSA MFA environment (Cloud + 2 IDR), where I need to provide a second authentication factor for SSL VPN users (fortinet, checkpoint, ASA cisco, however, the RADIUS server for these platforms is the ISE cisco.

How can I add a second authentication factor for these SSL VPN accounts and that Cisco ISE continues to be the RADIUS server? That is, just add MFA for authentication.

Thank you very much for your time!

Regards,

No one else has this question

Outcomes

6 Replies

Ted Barbour Feb 27, 2020 10:00 AM
Mark Correct
Correct Answer
Hi mauricio perez - to get additional MFA authentication in your environment you would need to target the RADIUS clients at your IDRs' embedded RADIUS servers.
Please take a look at High-Level Authentication Flow for RADIUS for the Cloud Authentication Service.

Hope that is helpful,
Ted
1 person found this helpful
Like • Show 1 Like1
Actions
Ange Olivier Ambemou Feb 28, 2020 6:48 AM
Mark Correct
Correct Answer
Hi Mauricio,

I your case you can configure ISE to radius client to our IDR.

fortinet, checkpoint, ASA cisco used ISE (as radius server) and in over side ISE used RSA IDR as a radius server.

Ange.
Like • Show 0 Likes0
Actions
mauricio perez Mar 5, 2020 3:16 PM
Mark Correct
Correct Answer
Thank you very much to both of you, I am still in the testing phase of Radius Client. I enabled a Radius Client in the cloud and I tried to generate the connection with a fw and different Radius clients without success. I have followed the RSA documentation but I cannot generate remote user authentication with IDR as a Radius Server.
Like • Show 0 Likes0
Actions
- Erica Chalfin @ mauricio perez on Mar 5, 2020 4:18 PM
  Mark Correct
  Correct Answer
  mauricio perez,
  
  If you are still having trouble getting a successful RADIUS authentication, have you tried using enabling RADIUS debug to generate logs and use a RADIUS test client like NTRadPing? 000014905 - Performing RADIUS authentication tests with NTRadPing to RSA Authentication Manager and 000027040 - How to set PINs and navigate Next Tokencode Mode for RSA SecurID Tokens using NTRadPing will assist you in testing.
  
  If you are still having an issue, please contact RSA Customer Support so you can work with a support engineer for assistance.
  
  Regards,
  Erica
  Like • Show 0 Likes0
  Actions
mauricio perez May 11, 2020 1:42 PM
Mark Correct
Correct Answer
Thanks to all, I made the implementation of RSA CAS as Radius Server for Cisco ISE (radius client) and in turn, Cisco is radius server for the fw of different vendors, this works perfect with the necessary tuning.
Like • Show 0 Likes0
Actions
- Hassan Mehsen @ mauricio perez on May 24, 2020 4:37 PM
  Mark Correct
  Correct Answer
  @mauricio perez could you please state what was the problem exactly?
  Like • Show 0 Likes0
  Actions

RSA MFA integration with Cisco ISE

Outcomes

Related Content

Recommended Content