Nilesh,
when you set the user to be authenticated with SecurID, the only need to
enter username and passcode once.
For the SecurID users, you do not need to create them under ACS, just a
template for SecurID users. This way, if the user does not exist under the
"normal" database, it will automatically proxy out to SecurID.
Dialback will work with it, but be careful how you are presenting the
options to the end user, if they are using ISDN then roaming dialback can be
difficult to configure, unless you use CBCP (Call Back COntrol Protocol)
which allows you to specifiy the dialback number.
If you want any more details please feel free to mail
Simon Kellow
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Nilesh Naik
Sent: 11 May 2001 11:06
To: [EMAIL PROTECTED]
Subject: secureID with radius
hello friends
we have 3-4 branch offices and for our employees
who keeps on travelling , we want a secured remote
access environment the remote access environment. for
which we have decided to deploy ciscoSecure ACS along
with the secureID Ace/Server
follwing is the mixed list of my queries and our
requirment , please guide me
requirements :
1) dial back/call back once user gets authenticated.
2) traditional userID/password authentication with an
additional level of security provided by SecureIDtoken
server and secureID tokens.
3) this addtional layer of security provided by
secureID tokens and token server will be only used in
the case of remote access.
queries :
1) Is it possible to use token based authentication
with traditional radius authentication ,
what i mean is user will have to enter
username/password two times once for Radius and
second time
user will enter username/OTP passcode
generated by
SecureID authenticators,
This(above) should also happen with
dialback/callback , is it possible ? if yes then how
this authentication will work ?
is the above recommended ? if no what is
recommended ?
2) we have decided that we are going to deploy
ciscosecure ACS with SDI secureID ACE/server.
then where we should create the users ? since now
we have droped the idea of using LDAP central
directory to store user ID/password whichwe were
planning to use for authentication and so , i have
mentioned in my previous mail .
1) for traditional radius authentication with
normal
uid/password .
and
2) for token based authentication with
sameuid/OTP
passcode generated by secureID authenticators
in cisco ACS native database ? or in the ACE server
userdatabse ? or in both cisco sever ACS Databse as
well as ACS servers database ?
whats the recommended ?
3) How the radius authentication will work along with
the ACE servers token based authentication ?
4) can we have all the following applications
1) ciscoSecure Access Control Server
2) SecureID Ace/Server
running on different hosts,for above senario.
would really appriate if someone guide me
Thanks & Regards
Prashant Desai
__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
