Cisco AAA/Identity/Nac :: How To Configure Airespace In Secure ACS V5.3

Mar 10, 2013

Cisco Airespace configuration in Cisco Secure ACS v5.3. We're migrating to ACS v5.3 but we're encountering an issue with Cisco Airespace. It is only working on ACS4.1 but when we tried to move it to Cisco Secure ACS v5.3, it is not working.

View 7 Replies


ADVERTISEMENT

Cisco AAA/Identity/Nac :: Configure ASA 8.4 To Communicate With AD Environment Using LDAP Secure?

Jul 30, 2012

I'm trying to configure an ASA to communicate with an AD environment that is only using LDAP Secure (LDAPS). I've configured authentication to ASA's with LDAP lots of times, though never with LDAPS.
 
Presumably there is a procedure to install a certificate in the same way as an RSA sig in VPN.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Secure ACS 4.2 On VMware ESX 4.0?

May 10, 2010

We need to move from ESX 3.5 to ESX 4.0 a virtual machine running Cisco Secure ACS per Windows version 4.2.

View 10 Replies View Related

Cisco AAA/Identity/Nac :: Secure ACS 5.2 Appliance To Use Or Not To Use UCP

Nov 16, 2011

All users are located in the local identity store.So - assume I do not implement ACS but I do turn on password expiration after 60 or 90 days.  Will a user whose password is about to expire attempts to authenticate against ACS 5.2, will they be notified that their password is about to expire?Also, when a user attempts to authenticate but their password expired yesterday, will they be prompted to change it and if so, how will that prompt to change it be presented?

View 3 Replies View Related

AAA/Identity/Nac :: Secure ACS 5.2 And Microsoft NPS?

Dec 6, 2011

We're using Cisco Secure ACS 5.2 as a Proxy AAA server, using Active Directory as an External Identity Store. They are already synced and connected and thus I can login into the VPN using my Domain credentials.
 
But that's not enough. My client needs to limit who can and can't establish VPN session, I mean, the way it is now, EVERY single employee can do that if his/her credentials are valid in the Active Directory domain controller. So I need to do two things:
 
1) Using the Microsoft NPS server, via dialin attribute, allow or deny VPN sessions using ACS/ASA;
 
2) Using the company user credential attribute to identify which Authorization Group the requesting user should be in, Downloadable ACLs will then be applied according to the access policies created for each company.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Secure ACS 5 For IP Address Assignment Via RADIUS?

Jan 13, 2013

I want to use RADIUS (of Secure ACS 5.3) to authenticate users within an ISP environment. Users log connect to a network using a point to point connection (L2) and then they are sending a RADIUS request to get IP adresses. Secure ACS is not quite easy to look through in that case.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Patch Rollup For Secure ACS 4.2 Fails?

Jan 7, 2010

I've got 2 freshly installed ACS 4.2 for Windows servers and I need to apply the latest patch rollup before I build the configurations.  I stopped the ACS services and ran Acs-4.2.0.124.15-SW.exe to install the patches.  The application begins running fine but fails on upgrading the database and then none of the ACS services would start.  I was able to restore the files from the backup that runs with the patch utility and get ACS functioning again.  What am I missing - does the patch rollup require any specific Microsoft Patches to be installed or something like that?

View 7 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 Configuring LDAP With Secure Authentication?

Mar 15, 2012

I am setting up an LDAP identity store over ldaps in ACS 5.1.  I specify that the connection uses secure authentication and provide the Root CA certificate.  When I hit "Test Bind to Server", I get this error message in a popup window: "Connection test bind Failed :server certificate not found"Is this saying that ACS can't find the CA certificate uploaded, or does it mean the actual certificate presented by my LDAPS server during the bind test? 

View 2 Replies View Related

Cisco AAA/Identity/Nac :: OS Lion Of Apple Do Not Authenticate In The Secure ACS 5.2

Jul 16, 2012

I'm with one problem, my OS Lion don't authentication in the Secure ACS Version: 5.2.0.26.10.For the Mac Lion operating system to work you must put in execeção the MAC Address of your computer. I wonder how it could cause the OS to authenticate the ACS Lion.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Secure ACS 5.3 - Receiving An Alarm Notification?

Jul 19, 2012

We are using version 5.3 with patch 5. Incremental and full backup are configured but every day we receive an alarm notification.

View 7 Replies View Related

Cisco AAA/Identity/Nac :: LDAP Or AD For External Database - Secure ACS 5.2

Sep 27, 2012

I am working on project with Secure ACS 5.2.  I am trying to determine the proper External Database to use.  LDAP or direct to AD?
 
Additionally, the Domain that I am connecting to has Multiple sub domains.  All of the users are currently in the Sub domains, but will be moving to root domain later.  How should I configure the connection, do I need to connec to each sub domain or can I just connect to the root?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Secure ACS 5.2 Appliance - High Availability

Sep 1, 2011

I just want to know if i need to support High Availability in Cisco Secure ACS 5.1 appliance, will the base license suffice or do i need to buy Security Group Access System License/ Large deployment License. Again, do we require license for each appliance or just one is enough?

I Suppose the licensing rules are same for the Vmware version also.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: 2960S Web Authentication With RSA Secure-ID On Switch

Feb 4, 2012

I've recently been looking into linking in our Cisco 2960S Gb Switch with RSA SecureID via Radius.I've already managed to link it in for ssh access
 
but I've not managed to get it working for http / web access to the switchI think this is because we're using "single use" tokens for maximum security with RSA Secure-ID and the web interface attempts to authenticate multiple times against the Radius part of the RSA SecureID server (okay on the first authentication, but each time after it's going to want a different token code)
 
(if there's a way to get the switch to just authenticate once instead of multiple times against the radius server) For info the switch is a WS-C2960S-24TS-L with IOS 15.0(1)SE2

View 2 Replies View Related

AAA/Identity/Nac :: Secure ACS 5.1 Users Disabled Intermittently

Nov 14, 2012

We're running Cisco Secure ACS V5.1 on a Linux platform to manage remote access to many networking devices. This has not been in place long, and is generally working OK. However, whenever I set the parameters of the user authentication to 'disable user account after X days if password was not changed', so as to comply with our internal security regulations, the user IDs seem to disable themselves intermittently, irrespective of whatever number of days I put in this - this can be a couple of days after re-enabling, or just a few minutes.
 
This can be found in the advanced tab here: System Administration > Users > Authentication Settings.In the mean time, we are having to set the user authentication to be non-expiry. Is this a known fault with this version of software? If so, would there be a patch available, and how would I go about obtaining it?

View 1 Replies View Related

AAA/Identity/Nac :: Use Cisco Secure ACS 4.2 To Enable Command Authorization Using TACACS?

Nov 5, 2011

provide a sample configuration to use Cisco Secure ACS 4.2 to enable command authorization using TACACS.

View 8 Replies View Related

Cisco AAA/Identity/Nac :: Delete Proxy Configuration On Secure ACS 4.1 For Windows?

Feb 6, 2012

We have a pair of ACS 4.1 servers (Windows Server 2003 R2). Let's call them ACS1 and ACS2. We don't want either one of them to proxy to any AAA server, including each other. We're using mostly TACACS authentication.
 
While troubleshooting a general problem, I'm guessing that one of us did this on ACS1:
 
pressed the Network Configuration button,saw the Proxy Distribution Tableclicked (Default)moved ACS1 from the AAA Servers column to the Forward To column. 
So, essentially, we're telling ACS1 to proxy all requests to itself, which doesn't seem to make sense. I don't know for sure whether it should work when configured to "self proxy," but in that state, it does not authenticate anyone and gives merely "Internal error" as the reason.
 
If I change the configuration so that "ACS2" appears in the Forward To column, and I move "ACS1" back to AAA Servers and restart, ACS1 starts responding correctly to TACACS requests. Of course, ACS1 is just proxying all requests to ACS2, so having two servers isn't doing much good.
 
I cannot simply remove ACS1 from the Forward To column and leave it empty. The interface complains that it can't forward to zero servers. Of course, on ACS2, there are no servers in the Forward To column, since we never touched the Proxy Distribution Table there.
 
Is there any way to return the Proxy Distribution Table to its default setup, that is, no servers appear in the "Forward To" column?
 
We're planning to upgrade to version 4.2 very soon, so this question is mostly academic, unless the same problem exists in 4.2.
 
For full disclosure, I should mention that the problem we were troubleshooting was loss of connectivity to our Windows Domain Controllers from our ACS servers. We had missed adding some exceptions in our firewalls to allow for four new DCs. As far as we can tell from testing, connectivity to the DCs is now fine. The firewall rules group ACS1 and ACS2 together, so connectivity should be the same, and ACS2 authenticates users correctly.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: How Many Network Devices Can Secure ACSv4.1 Support

Sep 13, 2012

How many newtork devices can Cisco Secure ACSv4.1 support is there any limit on the same? How to get the Specs of Cisco Secure ACSv4.1 on the above grounds...

View 2 Replies View Related

AAA/Identity/Nac :: Upgrade From 5.1 To 5.2 By Having Smarnet On 1120 Secure ACS Appliance?

Mar 13, 2011

Am I entitle to upgrade from 5.1 to 5.2 by having smarnet on my 1120 Secure ACS Appliance?

View 1 Replies View Related

Cisco :: WLC5508 - Configure Certificate Between Wireless AP And Clients To Secure Username / Password?

May 14, 2013

is there anyway to configure a certificate between the wireless AP and clients to secure my username and the password.
 
my setup is WLC5508/AP1142/ACS5.4

View 6 Replies View Related

Cisco Switching/Routing :: AP-C2R1C5-3750 / Configure Scp For Secure Configuration Backup

Sep 16, 2012

I'm trying to configure scp for secure configuration backup. I've configured the SCP server with an account and password but, I keep getting the no such file or directory error
       
AP-C2R1C5-3750#sh run | b arch archive path scp://mchenry:PASSWORD@172.20.22.229//C:/Program_Files/OpenSSH/Cisco_Configs/Switch_Config
 username mchenry privilege 15 password 7 XXXXXXXXXXXXXXXXXXXXX
 ip scp server enable
  
Error: %scp: /C:/Program_Files/OpenSSH/Cisco_Configs/Switch_ConfigSep-17-16-04-44.172-1: No such file or di
 
SWITCH#ping 172.20.22.229 Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.20.22.229, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 33/33/34 ms

View 1 Replies View Related

Cisco AAA/Identity/Nac :: 5510 Assigning A User Group Using RSA Secure ID RADIUS Server

Feb 3, 2007

We have several ASA 5510 firewalls which are being used as VPN gateways.RSA SecurID is the authentication mechanism using native SDI connectivity. No ACS server is being used.Is it possible to assign user Group and other attributes (such as ACL), using the SecurID RADIUS server? I know this is what the Cisco ACS is for, but is it possible using the RSA RADIUS server itself?

View 11 Replies View Related

Linksys Wireless Router :: E1000 Secure And Non-secure Hotspots

Jul 12, 2011

When setting up my e1000 router for a secure domain it automatically opened a non secure one that my neighbors are using. How can I cancel it?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: How To Configure MAB In ACS 5.2 Or 5.3

May 8, 2012

How to configure MAB (Mac Authentication Bypas) in ACS 5.2 or ACS 5.3.I have running tacas+ & radius on the ACS with a local database
 
I have entered already a list of MAC address in the Users and Identity Stores / Internal Identy Stores / Hosts .Also I have already a Access Policies configured. Access Policies / Service Selection Rules / MAB
 
And a group "Host Lookup" Host Lookup has the service type : Network Access And policy structure : Identity & Authorization.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: To Configure MS ACS 4.1.1.23 To Allow Linux TACACS

Sep 20, 2011

I am running ACS 4.1.1.23 on a Microsoft server and I am trying to get TACACS to work with two Linux servers.  The servers are capable of TACACS, are using port 49 and have the correct shared secret.  I believe I do not have the devices configured properly on the ACS side.  These 2 servers currently are using RADIUS and we are getting bit by the bug where the ACS application will start rejecting RADIUS authentication requests but still accept TACACS requests.

View 6 Replies View Related

Cisco AAA/Identity/Nac :: Configure ACS 5.1 Appliance To Connect To AD

Jun 18, 2011

This is a new installation.I did to configure the ACS to connect to the AD to authenticate users and retrieve the user information for group mapping as following step. Go to Users and Identity Stores > External Identity Stores > Active Directory, and enter the domain name and provide a username/password that will allow connect to the domain.Next, click on the Test Connection button to validate joining the domain.
I got success test connection. But when I click Save Changes. I got error .

View 5 Replies View Related

Cisco AAA/Identity/Nac :: How To Configure LAN Teaming In ACS 1121

Mar 27, 2011

how to configure LAN teaming in Cisco ACS 1121. My requirement is to have virtual IP in the server with two physical IPs in the available 2 interface in the server.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: How To Configure Radius Failover In ACS 5.1

Aug 21, 2011

I need to configure the ACS 5.1 to meet the following requirement :-
 
1. ACS 5.1 will point to a RSA SecurID as the first authentication mechanism for the validation of user credential

2. In the event that RSA SecurID is not reachable, the ACS 5.1 shall point to its local user database.
 
 I had no problem configuring for Point (1), but I am not able to let it failover to the local user database.

View 11 Replies View Related

Cisco AAA/Identity/Nac :: How To Configure Custom Attribute ACS 5.1

May 30, 2011

I want to configure RBAC for ANM 4,2 using tacacs+ and ACS 5.1 [code]

When the admin user logs in, this policy element is triggerd, but the Role is not sent back.How to configure the Custom Attribute?

View 1 Replies View Related

Cisco Firewall :: How To Configure Identity In ASA 5520

Nov 4, 2011

i have an ASA 5520 with ios 8.4 and asdm 6.4.
 
my configureation is below 
my asa interfaces 
inside ip
172.16.0.0/22

[Code]..... 
 
so now i want to configure my asa to give access to user based. what configurations should i use to do so.
 
i have attached the Edit Active Directory Server  dialuge box so what should i put there in the box's

View 1 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Configure Command Set Only To Allow Interface Access?

Jul 6, 2011

I had insatalled the ACS 5.2 on Vmware . As per my requirement i need to configure a user to restricted privilege so that he should be able to execute only the below commands on the switch .
 
-Show ver
-Show interfaces
-Show ip Interface Brief
-Configure terminal
-Interface <interface name >
-Shutdown
-No shutdown
 
The users should not be authorized to execute any other commands than above listed one .After the configuration i was not able to restrict the config mode commands . Once the user is  authoized for  Configure terminal access  he will have full access on the device. How to configure the command set only to allow  interface access and he should be able to apply Shutdown and No shutdown command .

View 6 Replies View Related

Cisco AAA/Identity/Nac :: VSA 218 - Configure IP Pool Selection By RADIUS On ACS 5-3-0-40-7?

Feb 18, 2013

I'm trying to configure IP pool selection by RADIUS on ACS 5-3-0-40-7.So, I went to configuring the cisco-assign-ip-pool (Cisco VSA 218) attribute within some test authorization profile but discovered that cisco-assign-ip-pool is an integer (?!) and (therefore) accepts digits only.

As far as I can remember, we used to put pool *names* within ip:addr-pool

(something along those lines: cisco-avpair = "ip:addr-pool=test-pool-1").

So how should we configure the values for this attribute in ACS 5?

View 4 Replies View Related

Cisco AAA/Identity/Nac :: Configure ACS 5.2 And Checkpoint For Firewall Admin

Aug 5, 2012

how to configure ACS 5.2 for device administration of Checkpoint firewalls and security management servers?

View 4 Replies View Related

Cisco AAA/Identity/Nac :: Configure Users On ACS 4 To Authenticate Password With RSA 6.1

Apr 16, 2013

I have ACS 4 integrated with RSA 6.1, where users of ACS can authenticate their passwords with the rsa server.I am migrating users to ACS 5, and I want to integrate with rsa.
 
I am configuring rsa as “rsa secureID token servers”.But how should I configure the users on acs to authenticate the password with rsa?
 
Previously on acs 4, on the user page, in password field, I select authenticate with external DB, Also, any guide for the config on  rsa 6.1 side (with acs 5)

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved