
ACS 4.2 authentication using multiple external databases

mallywally
Level 1

Hi there.

We currently use ACS 4.2 for authentication of corporate users who are accessing the network in 2 different ways:

1) VPN client (via ASA5510)

2) Wireless (EAP-PEAP)

For all users who currently access the network via either of the above 2 methods, the Password Authentication under User Account settings in ACS is set to query an RSA SecurID Token Server.

We would like to try to achieve the following in ACS:

  • IF an access request comes from the ASA (VPN clients), THEN we would like the user's password authentication to be handled by the RSA SecurID Token Server as it currently is.

  • IF an access request comes from the Wireless LAN controllers, THEN we would like to use EAP-TLS authentication. (We are aware that we would obviously need to configure the WLC, clients, PKI infrastructure, etc. accordingly for EAP-TLS.)

Does anyone have any best practice guidance, configuration guides or previous experience in differentiating the request sources and how they are handled by ACS?

Many thanks

1 Reply

camejia
Level 3

Hello Malcom,

If you have ACS 4.2 you might want to implement Network Access Profiles:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/NAPs.html#wp1128143

or

http://tools.cisco.com/squish/5F591

This should be the best approach for you if using ACS 4.x.

If this was helpful please rate.

Regards.