remote proxy authentication with ACS

rbolyard
Level 1

Hello,

I have a Cisco Hardware ACS 3.2 behind a PIX 515E. I am trying to set up remote authentication from Sprint's dial-up authentication servers. I opened ports 1645 and 1646 from the outside to the ACS inside, but when they send a test, they get nothing in reply and I see nothing on the ACS for failed attempts or anything. Is there something I have to do on the PIX 515E to allow these requests to get to the ACS on the inside network?

Thank you,

Rick

2 Replies

gfullage
Cisco Employee

RADIUS works on ports 1645/1646 (older systems generally), and on the proper ports of 1812/1813 (initially RADIUS was given 1645/1646 to use, but then the IETF realised another system used them, so they changed the "official" RADIUS ports to 1812/1813 at a later date). Depending on what ports the Sprint dial-up system uses, you will probably need to open up those ports through the PIX. ACS automatically listens on both 1645/1646 and 1812/1813 for RADIUS authentication requests.

So far this is where we are: I had TCP and not UDP ports open. I have made that change. Now they go through the PIX to the ACS. However, they are trying to log in with username@domain.ext and they only authenticate against the default group in the ACS. I am seeing if Sprint will try domain\username so that way it will go to the correct group and work.
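
A way to check the path discussed in this thread from the outside: the sketch below builds a minimal RFC 2865 Access-Request and sends it over UDP to both authentication ports (1645 and 1812). It is an added example, not code posted by anyone in the thread; the shared secret, user name, host address and the `probe` NAS-Identifier are constructed placeholders you would replace with your own.

```python
import hashlib
import os
import socket
import struct

REPLY_CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
RADIUS_AUTH_PORTS = (1645, 1812)  # legacy and official authentication ports


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding, in 16-byte blocks."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def attr(type_: int, value: bytes) -> bytes:
    return struct.pack("!BB", type_, len(value) + 2) + value


def build_access_request(user: str, password: str, secret: bytes,
                         ident: int = 1, authenticator=None) -> bytes:
    """Code 1 packet: header, 16-byte Request Authenticator, attributes."""
    authenticator = authenticator or os.urandom(16)
    attrs = (attr(1, user.encode())                  # User-Name
             + attr(2, hide_password(password.encode(), secret, authenticator))
             + attr(32, b"probe"))                   # NAS-Identifier (placeholder)
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))
    return header + authenticator + attrs


def probe(host: str, packet: bytes, ports=RADIUS_AUTH_PORTS, timeout=3.0) -> dict:
    """Send the request over UDP to each port; None means no reply arrived."""
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(packet, (host, port))
                reply, _ = s.recvfrom(4096)
                results[port] = REPLY_CODES.get(reply[0], f"code {reply[0]}")
            except OSError:  # timeout or ICMP port unreachable
                results[port] = None
    return results
```

Call `probe("<ACS address>", build_access_request("user@domain.ext", "<password>", b"<shared secret>"))` from a host that is defined as an AAA client on the server; a RADIUS server silently discards requests from clients it has no shared secret for, so `None` on both ports can mean either a filtered UDP path or an unknown client.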