Network Access Control

Has anyone been able to configure 802.1x authentication on Windows XP machines using RSA tokens using Cisco ACS as the RADIUS server?I have come up with bunch of incompatibilities between the offered support e.g. 1. Microsoft PEAP does not support an...

Has anyone tried to use the ACS as a RADIUS proxy to a OTP system with an AD user database on backend? This is so confusing i'm not even sure how to ask the right question.I'm trying to setup a centralised SSL VPN with multiple domains and it works f...

With Auth-Fail VLAN configured on Cisco 3550 the Switch successfully configures the port to the configured auth-fail vlan upon unsuccessful authentication. The PC even gets the IP address from DHCP.However, the Windows XP network icon on the task ba...

Hi All,Has anyone setup authentication with an ASA or concentrator and OpenLDAP? I'm trying to find a schema to load with slapd.Thanks,Stephen

Hi,One of our clients have decided to implement NAC. They need to know what the various options are especially the NAC appliance (3310 etc). I read that the appliance is a device like a server which has hard disks, cd roms etc. But the documents dont...

I am in the midst of implementing easy vpn for remote access on PIX 6.3(5) with local authentication. How can I utilize the local database for both CLI authentication and VPN auth while preventing VPN users from having the capability of logging into...

Wanting to implement 802.1x authentication on my wired network. using Windows IAS as the radius and Windows 2000/XP/MAC OS X as clients. The Windows clients works perfectly, 802.1x authentication occurs before user login box. The Max OS X clients ...

HiIve got a 3005 consentrator on my cetral site and PIX501 on my remote sites (easyvpn).On two of my remote sites I have been starting to have problems with vpn clients autentication to the remote site server (AD).Even if I test user authentication f...

I am using Microsoft IAS for my 2950's and 3550's. So far I can only get it to work using PAP. The options available are CHAP, MS-CHAP, MS-CHAP2, PEAP, and MD5. Are any of these supported by cisco because PAP is not secure.

Hi,Can anybody help in getting any web links which helps me to learn about implementing Tacacs as i am new to it.

Hi All,what I want to do is to bind a specific vpn user with a specific vpn group using a Radius server for AAA and ASA as end point of the vpn.Which is the correct AV pair to use in the communication?Is there a list of all AV pairs usable with ASA a...

Hello,I have ACS and I use this authentication center for multiple devices. My issue is to deny VPN access for some groups, and allow for other. Clients are connected to ASA, maybe the solution can be an cisco-av-pair attribute or something else.Plea...

Hi,We have two ACS servers and we plan to replicate in real time. We have these ACS servers are befind PIX firewall ( inside ) at different locations. Some how we are not able to replicate database from one server to another over real time. Final...

Hi All,Minor dilemma;We have a customer who has requested a support contract on their ACS server, but they have no idea who they bought it from and cannot find the license number nor PAK number - good eh!!Is there any location/directory on the actual...

I have installed the UCP on the Win 2003 server together with ACS 4.0. However, 'CGI Error' occured when I login the UCP.Anyone have the solution on this?ThanksErnest