RSA SecurID with three-NIC UAG config

I can’t seem to get my three-NIC UAG 3.4 deployment working with RSA SecurID. The couple of questions I have are: What interface, in a 3-NIC config, is used on the UAG to communicate with the RSA auth server? What values do I use for External Host Name and Internal Host Name in the UAG web interface? Thanks!

View Reddit by VirtuallyMikeB



One Comment

  1. So for anyone that may come across this thread…make sure there are no typos in the INI file. The script likely doesn’t perform a ton of input validation.

    To answer the questions in the post, the UAG communicates with the RSA Auth Manager using the same interface that communicates with the Connection Servers. In this case, eth2, or the Backend interface. Recall the 3-NIC deployment configures the interfaces as follows: eth0 (Internet), eth1 (Management), eth2 (Backend).

    Some other points: I missed some “/24” in my static routes, which borked the entire deployment. I have several static routes and I just missed these.

    In addition, and directly related to RSA failing to be configured when deploying from the script, I had some leading spaces in the INI file on the lines related to the RSA config. For instance, I had a leading space before [SecurIDAuth] and in front of each of the numIteration, serverConfigFile, externalHostName, and internalHostName lines. Deleting these leading spaces allowed RSA to be configured using the deployment script.

    Also, as mentioned elsewhere on the Internet, the internal and external hostnames should be the IP address of the UAG backend interface. Yes, both should be the same IP address.
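
A pre-deployment check for the INI mistakes described in the comment above (leading whitespace, static routes missing a prefix such as /24, differing SecurID host names), as an added Python example that is not from the thread or from the UAG deployment script. The `routes*` key name, its comma-separated `network/prefix gateway` format, and every sample value are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample INI: one route lacks a prefix, the SecurID lines are indented,
# and the two host names differ.
SAMPLE_INI = """\
[General]
routes2=10.10.0.0/24 10.20.0.1,10.30.0.0 10.20.0.1
 [SecurIDAuth]
 serverConfigFile=sdconf.rec
 externalHostName=10.20.0.5
internalHostName=10.20.0.6
"""

def valid_cidr(network):
    """True only when the network carries an explicit, parseable /prefix."""
    if "/" not in network:
        return False
    try:
        ipaddress.ip_network(network, strict=False)
        return True
    except ValueError:
        return False

def lint_uag_ini(text):
    """Return a list of (line_number, message) findings."""
    findings, section, hosts = [], None, {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if raw[0] in " \t":
            findings.append((n, "leading whitespace before %r" % line))
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep:
            findings.append((n, "not a key=value line"))
        elif key.lower().startswith("routes"):  # assumed key name for static routes
            for route in filter(None, (r.strip() for r in value.split(","))):
                if not valid_cidr(route.split()[0]):
                    findings.append((n, "route %r has no valid /prefix" % route))
        elif section == "SecurIDAuth" and key in ("externalHostName", "internalHostName"):
            hosts[key] = (n, value)
    if len(hosts) == 2 and hosts["externalHostName"][1] != hosts["internalHostName"][1]:
        findings.append((hosts["internalHostName"][0], "SecurID host names differ"))
    return findings
```

Calling `lint_uag_ini(SAMPLE_INI)` reports the route on line 2, the three indented lines, and the host name mismatch on line 6.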
