Network Access Control

I am remotely administrating perimeter devices at my other locations. I would prefer the routers to use TACACS for admin authentication, but the firewall people need to use RADIUS for firewall admin authentication (non Cisco, does not support TACACS...

We were using ACS 3.0 and we upgraded to 3.2. We use RSA secure ID. Everything was working perfect before the upgrade but after we are unable to authenicate users who are using secure ID trying to go to secure data behind a firewall. Users who vpn...

Hi, I am trying to find a solution, for the following design,We have over 250 Nortel Switches(Baystack 460).Authetication works fine with ACS 3.2 Using Radius.Now I want to do the following,* I have 2 ADMIN groupsADMINGP1: To manage 100 Switches wit...

hi,we are using Cisco Secure ACS v3.2 installed on a Win2k US-Server,using a MS-ODBC Driver and want to import userprofiles via RDBMS.We imported a user like in the example of UserGuide1;remark SequenceID,Priority,UserName,GroupName,Action,ValueName,...

I want to create groups on a VPN concentrator that are really configured on the ACS server and that is where all of the settings would be pulled from. I try to setup a externally configured group on the concentrator, but on the ACS I see a failed att...

When I do a sh run, the tacacs key does not get encrypted, even tho I have the service paswd encryption command on (the radius key does!) .. I looked up (and checked with TAC) and found that this is an "Additional" feature that cisco is working on an...

Hello all, My situation is the following. I have a Windows VPN client 4.0.1 trying to authenticate with digital certificates to a 3005 concentrator. I have installed the CA on both, identity certificate on the 3005 as well. I enrolled a certificate w...

HI,We have a Cisco ACS 3.0 configured for tacacs which is integrated with windows 2000 domain for user authentication.There are few users who are able to authenticate but few users are not able to connect.The configuration on both ACS and Windows is ...

I have printers connected to a Cisco 2500 and we use reverse telnet for printing to the lines. How do I configure AAA so that it doesn't go to the TACACS server for authentication? I just want the TACACS on the vty, console and aux lines.Thx

Hi all,our domain suffix is pippo.pluto.com (so pluto is the root and pippo is the child).There aren't any security permission setted.My ACS is on domain acs.pippo.pluto.com.I'm trying to configure on ACS the Database Group Mappings using as external...

Hi,We are usin ACS3.2 on W2000 server.Until there, we only had AAA client usin Radius protocol , and all was workin properly.Yesterday, we added PIX525 as aaa client usin TACACS+ (for command authorization).And now we have a bug with group setup:when...

I have Cisco ACS 3.2 appliance build 20.I upload VSA for Alcatel Devices and it didn't works.Now I want to delete this VSA and remove AccountActions.csv from the appliance. i tries the Action 351 in the AccountActions and it didn’t work.How can I rem...

Hi,after installing an ACS appliance, and reading the manual, I still wonder about some details. First, a few days after installing the ACS, suddenly I wasunable to log in via the web interface. I got the login page, but the login/password combinatio...

I am doing some testing with a new Windows 2003 server acting as domain controller. When a client on the inside of the PIX tries to log on to the Win 2003 server, logon fails. A sniffer trace shows the client issues a udp kerberos request for initi...