Network Access Control

dear all,i am instaling cisco secure acs 3.3 for authenticating my pix 535 firewalls.i have big network. all my firewalls are outside to the acs server.can i install acs server outside to the pix ?? can anybody say the minimum configuration. thanks i...

Hi,When using Cisco ACS as the RADIUS server, the authentication is being failed by the VPN Concentrator with the following message"Authentication Rejected: Group password is not configured"Even though the the ACS server send an Access-Accept back to...

Hi everybody, Can anybody help me out here please? I'm using the ACS appliance running software v3.3. I'm doing TACACS+ authentication from a router to the ACS box with backend authentication to a Novell NDS server. OK, I set it all up and got it a...

The problem is the cert is only valid for 1 year (which is what the Enterprise Admins set up), so when the year is up, I can find no way to automatically renew all the certs so the users do not have to intervene and request a new certificate again.

I am using the 1111 appliance to authorize ssh and https sessions to all of my AP's. It works great. Now I want to start doing MAC AUTHENTICATION for all clients to the 1111 appliance also. When adding the AP's into the appliance for ssh and https...

I am looking to secure the access to ACS 3.3.3 on a Windows 2003 SP1 server. I am running only radius and access to an external Windows database. Currently I am looking to allow: - tcp 2000 -> ACS replication - udp 1645 -> RADIUS authen & author ...

Hi all,We have two sites A and B. On site A we have PIX 515 and a T1 line. We need to establish connection to site B to allow the windows 2000 domain clients on site B to authenticate with the domain controller on site A and to acquire IP addresses f...

I have built two ACS for Windows servers on Windows 2003 SP1. The AD environment is Windows 2003 SP1 as well. I have configured the two ACS servers on each box. However, when I go to replicate from box A to box B, the following error appears:Inbou...

I want to make restrictions for those who authenticate through AAA, after the authentication passed it will check the user caller-ID, if it is found at her/his account succeed, otherwise failed reply. Is this feature supported at the ACS 3.3?

HiI need help concerning external database configuration.....actually I want to configure ACS to athenticate users based on domain databasewhen I check on ACS servises I cannot see CSAgent and it looks like I need the API and this CSAgent to can run ...

I have a switch setup to use radius. I have the aaa-new model list applied to my console and telnet ports, but they only work with pap. If I try chap in my remote access policy, login is not allowed, and the radius server's event viewer reads, incorr...

I have configured my pix to authentication using tacacs first; if tacacs is not available it must fall back to LOCAL authentication. The TACACS authentication works fine, when I take out the ACS from the network, the local authentication works as wel...

Hi All,I have configured dot1x authentication on 3750 switch and configured a Windows 2003 radius server as an authentication server. When running debugs aaa and dot1x, I do see the reject coming from the Windows Radius server. It says length of pack...

Is it possible to run EAP-FAST for WLAN clients only and EAP-PEAP for internal LAN clients only?I don't want wireless users authenticating in PEAP.