Switching RSA/ACE Server from FW1 to PIX

Discussion in 'Cisco' started by BrianG, Jan 26, 2004.

  1. BrianG

    BrianG Guest

    Hello,

    We currently use RSA SecurID's with ACE Server 5.1 with our CheckPoint
    FW-1 firewall but we are replacing the FW-1 with a PIX. The ACE
    server is already completely setup, I just need to setup the
    partnership. I know with the CheckPoint, there is a file that I had
    to TFTP from the ACE server to the Nokia box when we changed ISP's and
    hence IP addresses. I'm assuming there is something similar that has
    to be done with the PIX?

    Any help would be greatly appreciated.

    Thanks,
    Brian
    BrianG, Jan 26, 2004
    #1
    1. Advertising

  2. BrianG

    Jason Kau Guest

    BrianG <> wrote:
    > We currently use RSA SecurID's with ACE Server 5.1 with our CheckPoint
    > FW-1 firewall but we are replacing the FW-1 with a PIX. The ACE
    > server is already completely setup, I just need to setup the
    > partnership. I know with the CheckPoint, there is a file that I had
    > to TFTP from the ACE server to the Nokia box when we changed ISP's and
    > hence IP addresses. I'm assuming there is something similar that has
    > to be done with the PIX?


    Nope.

    CheckPoint supports native RSA SecurID authentication and so by definition
    it is an RSA ACE/Agent and thus looks for the file /var/ace/sdconf.rec
    (IPSO/UNIX) which you copied from the RSA ACE/Server.

    The PIX does not support native RSA SecurID authentication, so you need to
    run the RADIUS or TACACS+ server that comes with RSA ACE/Server (or use a
    access server that can talk to RSA/SecurID like Cisco Secure ACS) and have
    the PIX talk RADIUS or TACACS+ to the RSA ACE/Server

    --
    Jason Kau
    http://www.cnd.gatech.edu/~jkau
    Jason Kau, Jan 26, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. PJML
    Replies:
    4
    Views:
    7,310
  2. RPO83
    Replies:
    13
    Views:
    10,975
    bhattii
    Jan 8, 2008
  3. Martin Bilgrav
    Replies:
    7
    Views:
    491
    Robert
    Sep 9, 2005
  4. Replies:
    0
    Views:
    736
  5. Ruchin

    Issue with RSA/ACE

    Ruchin, Oct 12, 2011, in forum: Software
    Replies:
    0
    Views:
    907
    Ruchin
    Oct 12, 2011
Loading...

Share This Page