Configuring Cisco ACS 5.1 with Juniper Netscreen Firewall with Radius & Tacacs+

sovan1984
Level 1

Hello,

Can anybody tell me the step-by-step configuration of Cisco ACS 5.1, to configure it with Juniper Netscreen Firewall for radius & tacacs+ authentication and authorization?

I am able to configure this with Cisco ACS 4.2 with a customised VSA file but can't understand how to configure it on ACS 5.1.

Thanks in Advance.

3 Replies

Eduardo Aliaga
Level 4

To integrate "not Cisco" TACACS devices I use "Shell profiles" (Policy Elements > Authorization and Permissions > Device Administration > Shell Profiles )

If you tell me how you do it on ACS 4.2 maybe I can "translate" it to ACS 5.x

Hi Eduardo,
Can you tell me how to map ACS 4.2?

service=junos-exec

local-user-name=Engineering

Into the new "shell profiles" on ACS 5.2? How do I verify these attributes are passed onto ACS 5.2? I don't have access to a sniffer or tap nor do I have writes on this box. I have to instruct our systems folks to investigate. It has been a back and forth battle.

Also, I'd like to see where I'd map this on ACS 5.2.  Keep in mind in both cases I have a JUNOS config mapping to a login user Engineer and operations respectively.

local-user-name=opertions

allow-commands=((^ping *)|(^mtrace *)|(^traceroute *)|(^monitor *))

deny-commands= ((^start *)|(^file delete *)|(^file rename *)|(^request *)|(^set cli restart-on-upgrade *)|(^set cli prompt *)|(^set chassis *)|(^set date *)|(^test *)|(^clear *)|(^op *))

With ACS 5, to send custom A/V pairs you need to create a new shell profile, then add the A/V pairs there, finally associate the shell profile with an authorization policy.
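
An added example, not part of the thread and not Cisco or Juniper code: TACACS+ carries each A/V pair of a shell profile as one argument of the authorization REPLY body, and each argument has a one-byte length field (RFC 8907), so a pair longer than 255 bytes cannot be sent. The Python below encodes the pairs posted above into an unobfuscated REPLY body and parses them back, which is also how a decoded capture can be checked for the expected attributes; the function names are hypothetical.

```python
import struct

PASS_ADD = 0x01  # TAC_PLUS_AUTHOR_STATUS_PASS_ADD (RFC 8907)

# A/V pairs copied verbatim from the thread.
AV_PAIRS = [
    "local-user-name=opertions",
    "allow-commands=((^ping *)|(^mtrace *)|(^traceroute *)|(^monitor *))",
    "deny-commands= ((^start *)|(^file delete *)|(^file rename *)|(^request *)"
    "|(^set cli restart-on-upgrade *)|(^set cli prompt *)|(^set chassis *)"
    "|(^set date *)|(^test *)|(^clear *)|(^op *))",
]

def build_reply_body(av_pairs, status=PASS_ADD):
    """Encode an unobfuscated authorization REPLY body carrying av_pairs."""
    args = [p.encode("ascii") for p in av_pairs]
    if len(args) > 255:
        raise ValueError("arg_cnt is one byte: at most 255 A/V pairs")
    for a in args:
        if len(a) > 255:
            raise ValueError(f"A/V pair exceeds 255 bytes: {a[:30]!r}")
    # status, arg_cnt, server_msg_len, data_len (no server_msg or data here)
    header = struct.pack("!BBHH", status, len(args), 0, 0)
    return header + bytes(len(a) for a in args) + b"".join(args)

def parse_reply_body(body):
    """Return (status, [(attribute, separator, value), ...])."""
    if len(body) < 6:
        raise ValueError("truncated REPLY body")
    status, arg_cnt, msg_len, data_len = struct.unpack_from("!BBHH", body)
    lens = body[6:6 + arg_cnt]
    pos = 6 + arg_cnt + msg_len + data_len  # skip server_msg and data
    if len(lens) != arg_cnt or pos + sum(lens) != len(body):
        raise ValueError("length fields do not match body size")
    pairs = []
    for n in lens:
        arg = body[pos:pos + n].decode("ascii")
        pos += n
        # '=' marks a mandatory pair, '*' an optional one; first one wins.
        hits = [i for i in (arg.find("="), arg.find("*")) if i >= 0]
        if not hits or min(hits) == 0:
            raise ValueError(f"malformed A/V pair: {arg!r}")
        idx = min(hits)
        pairs.append((arg[:idx], arg[idx], arg[idx + 1:]))
    return status, pairs

if __name__ == "__main__":
    for attr, sep, value in parse_reply_body(build_reply_body(AV_PAIRS))[1]:
        print(f"{attr} {sep} {value}")
```

On the wire the body is normally obfuscated with the shared secret, so a capture has to be decoded first before it can be parsed this way.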