Network Access Control

I'm trying to implement a vpn rollout (vpn software client to pix) and want to have the users authenticating against the windows 2000 active directory. Does anyone know how I would go about doing this? Any configuration examples would be greatly appr...

On our routers we can perform user command accounting. For example, we can get a log of the commands users enter in the routers from our ACS box.I haven't been successful in doing the same on the PIX. Instead, I've gotten all IP and and layer-4 Por...

I have configured my NAS (Cisco Router 3660) for RAS users via Tacacs+ (Cisco Freeware). I wish to configure my NAS in a way that some of the RAS users do not use Tacacs+ Authentication, but can connect only via Local Authentication, with separate Di...

I´m looking for a way of authenticating remote VPN clients against Novell NDS. The built in method in NDS is to use LDAP, but I don´t think either the PIX nor the Concentrator handles LDAP ?So, that leaves RADIUS as an option, which requires adding t...

Hi All,My customer wants to implement a redundant ACS system for authentication,which uses a redundant RSA ACE server for strong authentication of remote ISDN and PSTN dial users. I do have a number of questions whit this senario.# I have been trying...

To have a 3000 series concentrator authenticate a user with a Secure ID token do I need an ACS server to front end the SecureID server or will the concentrator talk straight to the Secure ID server?

Hi all,I'm trying to authenticate my Firewall-1 VPN users to Cisco Secure ACS 2.6. FW-1 ignores packets that have unnecessary attributes returned. I've turned off all attributes in the Interface Configuration screen but a snoop shows that the ACS box...

Hi,I have setup CSACS to authenticate router & switches, and wireless client authentication. In CSACS v2.6, there is a option to restrict user to certain NAS IP address. Using this feature, on Cisco router, I am able to setup RADIUS authentication th...

I am trying to configure RSA token authentication through a PIX firewall. Does anyone know if PIX supports next PIN mode through RADIUS, and what the configuration might be?

Am I right in assuming that the VPN3000 can only authenticate against NT servers or HYBRID Win2000 servers - NOT pure Active Directory (i.e. Kerberos)?If so, will MS IAS (Microsoft's free Radius server) allow me to authenticate indirectly against Act...

I am using Cisco Secure ACS 2.5 on NT to authenticate users connecting to a VPN 5001 concentrator (V5.2.19). ACS is configured to authenticate against an external DB (A windows NT Domain). Everything works fine until a user incorrectly enters their p...

We are trying to put an OWA Server for Exchange 2000 in the DMZ. We cannot logon to the domain when we have the server in the DMZ. What ports need to be opened or other configuration needs to be done to get authentication to work through the Pix.T...

I'm trying to authenticate users coming from an outside LAN through my PIX 520 to the inside. I have set up IAS on my win 2k server and when I look at event viewer it states that the user has been authenticated but the user is never authenticated th...

Hi everyone!!!I'd like to know if is possible ACS authenticate only LAN/WAN traffic.In other words if I can configure access-list profiles and configure a specific user or group in ACS for it or vice-versa.My cenario is follow:I have a separeted netw...

hello,I've a NAS configured with an IAS Radius server(W2K) installed. Everything is working fine except for callback. I'm using MS-chapv1 for authentication. When I specify a callback number in the user settings in the Active Directory, I receive a "...