Hi there.
We currently use ACS 4.2 for authentication of corporate users who are accessing the network in 2 different ways:
1) VPN client (via ASA5510)
2) Wireless (EAP-PEAP)
For all users who currently access the network via either of the above 2 methods, the Password Authentication under User Account settings in ACS is set to query an RSA SecurID Token Server.
We would like to try to achieve the following in ACS:
- IF an access request comes from the ASA (VPN clients), THEN we would like the user's password authentication to be handled by the RSA SecurID Token Server as it currently is.
- IF an access request comes from the Wireless LAN controllers, THEN we would like to use EAP-TLS authentication. (We are aware that we would obviously need to configure the WLC, clients, PKI infrastructure, etc. accordingly for EAP-TLS.)
Does anyone have any best practice guidance, configuration guides or previous experience in differentiating the request sources and how they are handled by ACS?
Many thanks