topic remote proxy authentication with ACS in Network Access Control

remote proxy authentication with ACS

rbolyard — Sun, 10 Mar 2019 20:56:29 GMT

Hello,

I have a Cisco Hardware ACS 3.2 behind a Pix 515E. I am trying to setup remote authentication from Sprints Dial-up authentication servers. I opened ports 1645 and 1646 from the outside to the ACS inside, but when they send a test, they get nothing in reply and I see nothing on ACS for failed or anything. Is there something I have to do on the Pix515E to allow these requests to get to the ACS on the inside network?

Thank you,

Rick

Re: remote proxy authentication with ACS

gfullage — Fri, 24 Dec 2004 04:14:19 GMT

Radius works on ports 1645/1646 (older systems generally), and on the proper ports of 1812/1813 (initially Radius was given 1645/1646 to use but then IETF realised another system used it, so they changed the "official" Radius ports to 1812/1813 ata later date). Depending on what ports the Sprint dial-up system uses you will probably need to open up those ports through the PIX. ACS automatically listens on both 1645/1646 and 1812/1813 for Radius authentication requests.

Re: remote proxy authentication with ACS

rbolyard — Mon, 27 Dec 2004 15:23:49 GMT

so far this is where we are, i had tcp and not udp ports open. i have made that change. Now they go thru the pix to the ACS. however they are trying to login with username@domain.ext and they only authenticate against the default group in the ACS. I am seeing if Sprint will try domain\username so that way it will go to the correct group and work.