multiple remote agent

alex goshtaei
Level 1

Hi All,

I've installed ACS version 4. We have multiple device groups, all of which use the same AD for authentication. We have created multiple NDGs; now I need to create a remote agent with the same IP address for each NDG, but ACS doesn't let me create multiple remote agents with the same IP address. How can I create multiple NDGs that all use the same remote agent?

Thanks

Alex

Accepted Solutions

andamani
Cisco Employee

Hi,

I am not sure if I understood your question properly. Anyway, I am defining my understanding below:

AAA clients are defined in the NDG on the ACS appliance.

ACS Appliance authenticates via AD.

ACS appliance needs RA to talk to AD.

Now, from your question, here is my understanding:

AAA clients are defined in NDG. They are to authenticate via the AD. So, to talk to AD, we need to define RA per NDG.

Is that correct as your question?

If yes, then the flow is somewhat like this:

AAA Client sends authentication request.

The request reaches the ACS Appliance. For the appliance it is just a request, no matter where it comes from. It sees that this has to be authenticated via the AD. In order to do that, it has to forward to the Remote Agent. So it will forward to the Remote Agent, which in turn will forward to the AD.

So, RA definition per NDG does not come into the picture.

For reference purpose the link describing the NDG is as follows:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/NetCfg.html#wp342699

The link for Remote Agent is as follows:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/3.3/installation/guide/remote_agent/rawo.html

I hope I have answered the question.

Regards,

Anisha

P.S.: Please mark this link resolved if you feel the query is answered.

Jatin Katyal
Cisco Employee

Hello,

You do not need to create the same Remote agent entry in every NDG. Just create one entry for the ACS server in the Not assigned group and it would work as an agent for all NDGs.


What is important here is to select the right remote agent under the external user database >> database configuration >> windows database >> remote agent selection.


Hope this helps.


Regards,

Jatin


~Do rate helpful posts.

~Jatin