Network Access Control

We recently upgraded our ACS servers to version 3.1. Since then we have had several instances where the ACS server appears to stop responding to request. Reports in the ACS show the authentication was successful, but at the device it fails. Debug sho...

Hello, I have a scenario of IPSec VPN Client establishing IPSec VPN sessions with a PIX Firewall authenticating the clients with a RADIUS server. I tried doing this with a local IP address pool configured in the PIX, assigning IP addresses for th...

I was wondering if it is possible to configure the ACS server for Unix v2.3(or for windows) for authenticating users from a specific NAS and forwarding the accounting information only to another Radius Listener Server. It will somehow act as a Proxy ...

Hi all,I having a problem when I wanted to changed my password, where the error as belowError = Session key error, yvnwf'usernamer@domain-yvnwf'username@domain.net.Can somebody help me on rectify the problem.

Hi,I am getting this:%TAC+: no address for get_serverfor an every single command I enter into the router. What is wrong? Any ideas?Thanks in advance!

HelloSo I've created my custom avpair.ini file which looks like this:###################################[User Defined Vendor]Name=ColubrisIETF Code=8744VSA 1=colubris-max-input-packetsVSA 2=colubris-max-output-packetsVSA 3=colubris-max-input-octetsVS...

I'm not sure if anyone has experience about this issue, I have an old PIX506 running on code 5.22. All it does just authenticate traffic that pass through it with an ACS server 3.0 (TACACS+) I tried to upgrade the code to version 6.31, after the upga...

HelloWell, I've tried to set this up, but for some reason, all users in any group are able to authenticate to any NAS. What I did was under the group I want to restrict I clicked on "Per User Defined NAR", then "Denied Calling...", then I select the...

All,I'm having some problems getting ACS 2.6 NT to work with my 3620. I've got it to where a dialin user will authenticate (or so the ACS auth logs say) but then I get the "cannot log you on -invalid domain/username" error and I get disconnected. T...

*Aug 13 07:41:52 CENTRAL: AAA/ACCT/EVENT/(00000031): 00002000*Aug 13 07:41:52 CENTRAL: AAA/ACCT/243(00000031): Pick method list 'default'*Aug 13 07:41:52 CENTRAL: AAA/ACCT/243(00000031): Pick method list 'default'*Aug 13 07:41:52 CENTRAL: AAA/ACCT/CM...

We are using AAA with CiscoSecure ACS 3.2. All the 'defaults' are configured to use the ACS server -i.e. aaa authentication login default group ACS local, aaa authorisation exec default group ACS local. We also dynamically map users from Windows AD...

Hello to everybody,I have a simple question concerning CiscoSecure ACS 3.2 (software Solution or Solution Engine).Browsing the documentation in the Cisco WEB Site I found indicated that the application should support High Availability configuration.U...

Hi Experts.I have the following scenario:NT Server | |(in)[PIX](dmz)---(in)[VPN3000](out)(out) _|______________________|__ Internet(Both the Pix and the VPN3000 have the outside interface connected to the Internet).Well, I need to allow the VPN30...

PIX by default allow all the user behind the firewall to access Internet, Is they any way to configure PIX to force user to authenticate against PIX local username database ( Instead of TACACS+ and Radius), before accessing the Internet.Thanks