Beginner

Centralized (IAS/Radius) Authentication under IDS/IPS 4260

All,

I have been tasked with configuring centralized authentication via IAS for all the IPS/IDS devices in the enterprise. After much investigation, I'm almost sure that, due to limitations inherent to the device, my goal is not obtainable. However, I am still not 100% sure. My questions are:

1. Can anyone provide a link or any documentation showing definitively whether or not the IPS 4260 supports IAS/Radius authentication?

     a. If not, what would be a suitable alternative? CSM, etc.?


Accepted Solutions
Cisco Employee

Re: Centralized (IAS/Radius) Authentication under IDS/IPS 4260

Cisco's IPS sensors do not currently support externally authenticated access. They will only support local username/password authentication and role assignment.

Scott


Beginner

Re: Centralized (IAS/Radius) Authentication under IDS/IPS 4260

This is available with the latest release.

Re: Centralized (IAS/Radius) Authentication under IDS/IPS 4260

To be specific, software release 7.0(4)E4 adds support for AAA via RADIUS (but not TACACS+).  For more information, check out the Cisco document here:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_setup.html#wp1033251

It's important to note that AAA/RADIUS is NOT supported with the latest release of IME (7.0(3)).

Beginner

Re: Centralized (IAS/Radius) Authentication under IDS/IPS 4260

Thanks!  I'll try this.

Re: Centralized (IAS/Radius) Authentication under IDS/IPS 4260

Please note that the latest IME version (7.1.1) supports the Radius (AAA) feature on Cisco IPS sensors:

http://www.cisco.com/en/US/docs/security/ips/7.1/release/notes/24340_01.html#wp1296082

Please rate if helpful.

Regards

Farrukh

Beginner

Re: Centralized (IAS/Radius) Authentication under IDS/IPS 4260

Hi All,

I have several IPS ASA-SSM-10 and IPS 4260 devices. I spent several hours trying to get them to authenticate through MS IAS 2003 R2. I was able to get them authenticated through SSH but not in ASDM. I would really appreciate it if anyone has any information on how to get these working in ASDM.

Thanks

Si

Re: Centralized (IAS/Radius) Authentication under IDS/IPS 4260

Hello

What version are you running on the IPS?

Log in to the CLI and keep running the show events command, then log in with HTTPS (IDM) and post the exact error in the event log.

Regards

Farrukh

Beginner

Re: Centralized (IAS/Radius) Authentication under IDS/IPS 4260

Hi Farrukh,

All IPS/IDS are running version 7.0.4. I did what you recommended and below are the logs I captured:

evStatus: eventId=1306479664548993105 vendor=Cisco
  originator:
    hostId: NACAIRVIDLAB1
    appName: cidwebserver
    appInstanceId: 349
  time: 2011/11/17 16:57:45 2011/11/17 16:57:45 UTC
  loginAction: action=loginFailed
    description: User failed to authenticate with the HTTP server
    userName: best\xsxtran
    userAddress: port=64368 10.90.204.17

evStatus: eventId=1306479664548993106 vendor=Cisco
  originator:
    hostId: NACAIRVIDLAB1
    appName: cidwebserver
    appInstanceId: 349
  time: 2011/11/17 16:57:58 2011/11/17 16:57:58 UTC
  loginAction: action=loginFailed
    description: User failed to authenticate with the HTTP server
    userName: best\xsxtran
    userAddress: port=64369 10.90.204.17

Thanks for all your help

Si
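
Added example (not part of the original thread and not Cisco tooling): a small Python parser for pasted show events output in the evStatus layout shown in the post above, counting loginFailed events per sensor, application, user and source address. The sample events, host name, users, addresses and the placeholderAction value are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the evStatus layout posted above; all values are made up.
# The blank line mimics the stray blank lines that pasted sensor output often has.
_TEMPLATE = r"""evStatus: eventId={eid} vendor=Cisco
  originator:
    hostId: SENSOR-LAB1

    appName: cidwebserver
  time: 2011/11/17 16:57:45 2011/11/17 16:57:45 UTC
  loginAction: action={action}
    description: constructed sample event
    userName: {user}
    userAddress: port=64368 {addr}
"""
SAMPLE = "".join(
    _TEMPLATE.format(eid=e, action=a, user=u, addr=ip)
    for e, a, u, ip in [
        (1001, "loginFailed", r"LAB\alice", "192.0.2.17"),
        (1002, "loginFailed", r"LAB\alice", "192.0.2.17"),
        (1003, "placeholderAction", r"LAB\bob", "192.0.2.44"),  # not a failure
    ])

# Lines whose value carries key=value tokens (eventId=, action=, port=).
KV_LINES = {"evStatus", "loginAction", "userAddress"}

def parse_events(text):
    """Return one flat dict per evStatus block found in the pasted text."""
    events = []
    for raw in text.splitlines():
        key, _, value = raw.strip().partition(":")  # split on the first colon only
        key, value = key.strip(), value.strip()
        if key == "evStatus":
            events.append({})  # header line starts a new event
        if not key or not events:
            continue  # blank line, or text before the first header
        events[-1][key] = value
        if key in KV_LINES:
            events[-1].update(t.split("=", 1) for t in value.split() if "=" in t)
    return events

def failed_logins(events):
    """Count loginFailed events per (sensor, application, user, source address)."""
    hits = Counter()
    for ev in events:
        if ev.get("action") == "loginFailed":
            addr = (ev.get("userAddress", "").split() or ["?"])[-1]
            hits[(ev.get("hostId"), ev.get("appName"), ev.get("userName"), addr)] += 1
    return hits

if __name__ == "__main__":
    for key, count in failed_logins(parse_events(SAMPLE)).items():
        print(count, *key)
```

Grouping by appName separates failures on the web server path (cidwebserver, as in the events above) from failures on other login paths.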

Re: Centralized (IAS/Radius) Authentication under IDS/IPS 4260

Hello,

I think I saw the same issue before. In your AAA config on the sensor(s), please change the default user role to administrator.

On the CLI:

service aaa
default-user-role administrator

This can also be done through the GUI (IDM).

Regards

Farrukh

Beginner

Re: Centralized (IAS/Radius) Authentication under IDS/IPS 4260

Hi Farrukh,

Thanks for helping. I figured out the problem. It was the IOS bug. It worked as soon as I upgraded to version 7.0.6. All my IPS/IDS authenticate through Microsoft Radius now.

Si

Re: Centralized (IAS/Radius) Authentication under IDS/IPS 4260

I'm glad you have it working now, and thanks for sharing with everybody.

Regards

Farrukh
