11-29-2016 07:56 AM - edited 03-11-2019 12:15 AM
Has anyone had luck doing this? We have a working RSA with DACL for 2 factor, but moving to new firewalls, with Anyconnect and Cut Through Proxy, and want to use PINGid to authenticate.
So far I got Cut Through working, but the radius requests get to ACS and are not being forwarded to the PINGid server. I am missing something but don't know what.
Not able to find documentation, and I did not set up the RSA DACL on the ACS, but using what is configured as a template. Looks like I am missing the point that directs to the PING Radius, and can't seem to figure it out.
Any one done this before?
11-30-2016 01:41 AM
Hi,
If you want to configure Radius Proxy on the ACS, please have a look at
"RADIUS Proxy Requests" section in the following document:
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-2/user/guide/acsuserguide/common_scenarios.html#wp1153241
Regards,
Kush
11-30-2016 06:01 AM
Thanks, I had looked into that already and it doesn't have the ability to apply DACL to the user, which is the reason we are trying to do that. We have a working RSA, but trying to move away from it to PING.
I opened a case with TAC, just waiting for them to get back now.
12-27-2016 09:28 AM
Resolved for the most part. Order of the universe was the issue. well, actually order of the application. Found where I had the order wrong, moved it up and it started working. Have a different issue trying to get worked out, but this one is good for the most part.
Answer is, yes it works.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide