cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
876
Views
0
Helpful
3
Replies

Using Ping Identity with ACS and Cut Through Proxy for 2 Factor

tahscolony
Level 1
Level 1

Has anyone had luck doing this?  We have a working RSA with DACL for 2 factor, but moving to new firewalls, with Anyconnect and Cut Through Proxy, and want to use PINGid to authenticate.

So far I got Cut Through working, but the radius requests get to ACS and are not being forwarded to the  PINGid server.  I am missing something but don't know what.

Not able to find documentation, and I did not set up the RSA DACL on the ACS, but using what is configured as a template. Looks like I am missing the point that directs to the PING Radius, and can't seem to figure it out.

Any one done this before?

3 Replies 3

kushsriva
Level 1
Level 1

Hi,

If you want to configure Radius Proxy on the ACS, please have a look at

"RADIUS Proxy Requests" section in the following document:


http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-2/user/guide/acsuserguide/common_scenarios.html#wp1153241

Regards,

Kush

Thanks, I had looked into that already and it doesn't have the ability to apply DACL to the user, which is the reason we are trying to do that. We have a working RSA, but trying to move away from it to PING.

I opened a case with TAC, just waiting for them to get back now.

tahscolony
Level 1
Level 1

Resolved for the most part. Order of the universe was the issue. well, actually order of the application. Found where I had the order wrong, moved it up and it started working.  Have a different issue trying to get worked out, but this one is good for the most part.

Answer is, yes it works.