Forum Discussion

Srecko_M__12636's avatar
Srecko_M__12636
Icon for Nimbostratus rankNimbostratus
Sep 30, 2015

AAA Server SecurID Configuration with Route Domains

Hello,   I have to configure native SecurID authentication on redundant F5s with APM remote access. In the "New Server" definition, I can select "Select from Self IP List". All the Self IPs are i...
BIG-IP Access Policy Manager (APM)
deployment
security
TMOS
StephanManthey's avatar
StephanManthey
Icon for Nacreous rankNacreous
Nov 11, 2016

Hi,

it seems to me, that the ACE configuration file gets somehow corrupted during the import procedure.

If you extract the configuration file externally, you will see references to the ACE server in cleartext in the 
sdconf.rec
file. These references are gone after the import.

The imported file can be found under 
/config/aaa/ace///
after creating the Secure-ID AAA server profile.

After replacing the 
sdconf.rec
file in this folder, I was able to verify a UDP/5500 connection to the RSA server by using the command line tool combined with the rdexec utility to force the execution in the specified route domain (50 in the example below):

$ rdexec 50 securidtest -p "/config/aaa/ace/part_application/aaaserver_secure-id/" -s 10.33.115.250 -u medusasecurid -w 123456

The utility 
secureidtest
is described in AskF5 SOL12164.

The utility 
rdexec
is described in AskFf5 SOL13472.

Cheers, Stephan