Network Access Control

Does anyboby know which are the ports that the ACS v3.0 on Windows2000/NT Server opens? This is because I have to open an access on a Firewall for people connecting to the ACS to manage it by browser.

i have a vpn client3.1 (w2k pro) on the one side and the pix 515 on the other side. for authentication i use the ias of w2k server as a radius client.establishing a tunnel works perfect with preshared keys, but how can i authenticate to the lan behin...

I have a W95 workstation using the VPN 3.5.1 client which connects to a PIX with no radius/tacacs authentication. The VPN client brings up a logon window which, if the username/password is typed correctly, all is well. If it's not typed correctly I...

Hi all,I'm trying to find a way to make my PIX perform an HTTP authentication on the port 8080.I thought that addind a fixup protocol entry for HTTP (fixup protocol http 8080) and an item in my authentication access-list would be sufficient, but I st...

Do you know of anyone who has successfully used the above configuration toconnect using MS Windows 2000 native L2TP/IPSec client with PAPauthentication (and machine certificate for IPSec authentication)?When we try it, it results in an err 691 , not ...

I set up two 3015 VPN concentrators at different locations that authenticate users via the same RADIUS and LDAP servers. On one concetrator I can authenticate users that are listed in my LDAP directories in the user@domain format. This does not wor...

Dear all,I am trying to set aaa on a GSR12000.CiscoSecure is running on Solaris 7.My problem is that a get an error message during in the initial authentication process and finally I can only log in with the local db of the router.Following the error...

Hi,I have a problem with authentication on ACS 2.6.1 (installed as a member server) vs. users listed in external Database "Windows NT domain".All the old and the new users works fine (also the copy), but if i rename a user on Windows NT domain contro...

Is anyone else getting the following error messages in the application log of Win2k with Cisco ACS 3.0 :Here is the info, Errors are seen in the Application Log with "Perflib" being the source:Error 1:ciscoacs: The data buffer created for the CSTacac...

Hi,We are doing some research for one of our customers.They would like to give remote users access via a VPN gateway with X.509 certificates (on smartcards) as authentication method.They recently purchased the Cisco PIX 515 for this.They are also loo...

When I attempt to INSTALL the new ACS 3.0 I am not able to get past the install splash screen. I amon an NT 4.0 / sp6a Server. Do we need to install an older version first and then upgrade to 3.0? Or can we install 3.0 without the old...

I have one router out of 40 that will show the aaa authen banner, accept user name, but on entering password will show the following:Username: test.userPassword:% Backup authenticationAccount has been tested and aaa config and IOS is same as all othe...

Hi, our customer is considering using a dedicated router to replace the conventional AAA server in an VPDN environment. that is, one Access server for dial-up connections, and one router for AAA. the customer is an ISP which provide dial-up access to...

Hi,We've Cisco ACS v2.3 on Solaris with about 100 users...I would like to know how you can retrieve, and the steps, the complete list of user from the ACS - Database...More...could anyone tell me if it's possible to convert the Db from UNIX to NT an...

I have gotten my dialup to work, however I am confused on my AAA configuration. I am using the following:aaa authentication login SECURE group radius localaaa authentication login NO_AUTHEN noneaaa authentication login LOCAL lineaaa authentication p...