Network Access Control

I was told that the version of PIX OS (6.6.2) did not support a backup or secondary method for authentication when TACACS is used. Meaning that if the TACACS server was unavailable logging in was nearly impossible.Is this true and if so does v6.3 su...

Hi,I am using my PIX 535 (6.3) to authenticate users accessing the Internet. I have set the timeouts.Unfortunately they are acting somehow funny. Sometimes when a user is authenticated and changes the web page he is currently on, althought the timeou...

Hi,I have a pix firewall and I trying to use "downloadable ACL", I configured PIX and ACS conforms document:http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008010a206.shtml#howto2I verify that when a VPN Client connects,...

I'd like to know if, in future versions of the pix firewall software , it will be possible to store RSA public keys on the pix flash memory, to authenticate clients connecting to it via ssh using RSA public key authentication instead of a password.Th...

I can't find any information which is the "lowest and thus 1st version" of the ACS server that supports the 802.1x protocol.Anyone ?

I'm trying to configure a pix 515 running 6.2.1 to allow vpn client authentication through a windows NT 4 server running IIS with radius server.Currently I have it configured to allow pptp client connections and it works fine. Now I'm trying to conf...

Hi!Does anybody know why authentication always succeeds if I login to a router as "any_nonexistent_user" with the following config:aaa new-modelaaa authentication login test local noneline vty 0 4 login authentication testand doesn't succeed with the...

Hi,I am using the ACS as a radius proxy and I have verified that it always proxies requests on port 1645. Unfortunately my target Radius is listening only on port 1812, therefore it is not working.I know that you can modify the Server registries to f...

Is present: NAS on Cisco AS2511-RJ (IOS v 12.2 (19) file c2500-c-l.122-19.bin) (16 port with modems US Robotics Courier) and RAS on Windows 2000 server (8 port DigiNeo card with modems US Robotics Courier). Users may come both through NAS and through...

Hi!I am using local authorization. I have entered several commands with the privilege 7 command. I also included the copy running startup but when I try to save I see an error that says that the file is not present. When I use the privilege 15 I can ...

Hi,Following sceniario: user with certificate doing a vpn to vpn concentrator or pix. Authentication is made on ACS 3.2(2).VPN users are using certificates for authentication.When they connect, the certificate is asimilated with group in vpn conc. or...

I have IOS switches that I would like to use tacacs for authentication of the network admins.That is cionfigured and working.I am having trouble configuring a second form of authentication if TACACS servers aren't available. I would like to use the t...

I've modified the login module of Ciscoworks to leverage Tacacs+ authentication through my CiscoSecure server, but I haven't been able to map particular CiscoSecure user roles to Ciscoworks user roles. I can specifically create an account within Cis...

Hi,I am using a PIX 535 running version 6.3(1) and ACS to authenticate those users accessing the Internet.My problem is that I have set the ACS server to allow only one session per user at any point in time. However it seems that this setting is bein...

Hi,I've a W2K Server SP3 that is a member server of a domain on which is running ACS 3.2. I want to use 802.1X on wired/wireless with PEAP, so I've installed as specified in Cisco Docs the certificates on ACS, I've setup the External DB as AD for Ext...