Switching RSA/ACE Server from FW1 to PIX

Discussion in 'Cisco' started by BrianG, Jan 26, 2004.

  1. BrianG

    BrianG Guest


    We currently use RSA SecurIDs with ACE Server 5.1 with our CheckPoint
    FW-1 firewall, but we are replacing the FW-1 with a PIX. The ACE
    server is already completely set up; I just need to set up the
    partnership. I know with the CheckPoint, there is a file that I had
    to TFTP from the ACE server to the Nokia box when we changed ISPs and
    hence IP addresses. I'm assuming there is something similar that has
    to be done with the PIX?

    Any help would be greatly appreciated.

    BrianG, Jan 26, 2004

  2. BrianG

    Jason Kau Guest


    CheckPoint supports native RSA SecurID authentication and so by definition
    it is an RSA ACE/Agent and thus looks for the file /var/ace/sdconf.rec
    (IPSO/UNIX) which you copied from the RSA ACE/Server.

    The PIX does not support native RSA SecurID authentication, so you need to
    run the RADIUS or TACACS+ server that comes with RSA ACE/Server (or use an
    access server that can talk to RSA/SecurID like Cisco Secure ACS) and have
    the PIX talk RADIUS or TACACS+ to the RSA ACE/Server.
    Jason Kau, Jan 26, 2004
