Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Integrate RSA server with Aruba Clearpass

This thread has been viewed 12 times
  • 1.  Integrate RSA server with Aruba Clearpass

    Posted May 13, 2024 10:33 AM

    I have added the RSA server as a token server source but I'm not able to authenticate clients. Looking at the RSA live authentication monitor the attempt it not happening. I can see Aruba sending traffic on port 5500 but the RSA server never replies - it almost looks like the server doesn't see this as an authentication attempt. The configuration is pretty simple on both ends and I don't know what I am missing. Any help or direction is appreciated



  • 2.  RE: Integrate RSA server with Aruba Clearpass

    EMPLOYEE
    Posted May 13, 2024 12:51 PM

    What instructions did you follow for setting up the integration?



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 3.  RE: Integrate RSA server with Aruba Clearpass

    Posted May 13, 2024 01:14 PM

    I was not able to find a guide, so I tested a few things around. The configuration on the clearpass end did not change, only the port I was trying to communicate. I configured the clearpass servers as radius clients and agents in the RSA server and changed the port in clearpass token server configuration from 5500 to 1812. Only then I saw the communication happening. But the RSA keeps failing the authentication. The messages are stating that is requiring a next token, or it's a PIN reeuse.

     

    Clearly there is a disconnect and I don't understand where.






  • 4.  RE: Integrate RSA server with Aruba Clearpass

    EMPLOYEE
    Posted May 13, 2024 01:26 PM

    You might want to setup the RSA server as a token server?

    https://www.arubanetworks.com/techdocs/ClearPass/6.11/PolicyManager/Content/CPPM_UserGuide/Auth/AuthSource_TokenServer.htm



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 5.  RE: Integrate RSA server with Aruba Clearpass

    Posted May 13, 2024 01:46 PM

    That is how I have it set up. The RSA is failing the authentication.






  • 6.  RE: Integrate RSA server with Aruba Clearpass

    EMPLOYEE
    Posted May 13, 2024 02:01 PM

    OK, maybe explain what you are trying to accomplish, what authentication workflow you are wanting to utilize with the RSA token?  Hopefully not something to do with 802.1X.

    https://rsasecurity.my.salesforce.com/sfc/p/#70000000IwPy/a/4u000001Va3V/bHJhkO8.7mRlL_y9khPBAHQ4WLIPiqd8Pd6j7N4NY5k



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 7.  RE: Integrate RSA server with Aruba Clearpass

    MVP
    Posted May 14, 2024 03:51 AM

    Did you check this on the RSA Web page?

    https://community.rsa.com/s/product-integration/a9H4u000001I9lmEAC/clearpass-policy-manager



    ------------------------------
    Shpat | ACEP | ACMP | ACCP | ACDP |
    -Just an Aruba enthusiast and contributor by cases-
    ------------------------------



  • 8.  RE: Integrate RSA server with Aruba Clearpass

    Posted May 14, 2024 10:19 AM

    I was able to complete the configuration with the help from RSA support team. The system I was testing was sending double requests (two radius servers configured) to the console server and it was failing it






  • 9.  RE: Integrate RSA server with Aruba Clearpass

    EMPLOYEE
    Posted May 14, 2024 10:25 AM

    That does explain the "PIN reuse" error you were getting.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------