Using ACS 5.2 to authenticate devices in the DMZ via a firewall

I have an ACS 5.2 in our enclave that I need to use to authenticate a WS-6500 in our DMZ. It's passing through a McAfee (Sidewinder) S4016 firewall.

Has anyone had to create a rule in this firewall to allow AAA access?

I managed to get it to pass the log data to an inside log server, but using the same method, with changes to port values and IPs, hasn't worked for the AAA device.


ej

2 Replies

Are you using RADIUS or TACACS? To authenticate devices through a mainstream firewall, allow the network equipment to connect to the ACS on ports TCP & UDP 49 for TACACS; RADIUS will probably need UDP 1645 and 1646, and maybe also UDP 1812 & 1813.

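Since RADIUS is UDP, there is no TCP handshake to watch on the firewall, and a switch that gets no answer just times out. A quick way to tell whether the firewall policy passes the traffic is to send one hand-built Access-Request from a host in the DMZ and see what comes back. The script below is an added example for that purpose; it is not from the thread or from Cisco, and the server name, shared secret, credentials and NAS address in it are placeholder assumptions. It builds an RFC 2865 Access-Request (User-Name, User-Password, NAS-IP-Address), sends it to UDP 1812, and checks the Response Authenticator on whatever comes back; a `build_response` helper plays the server side so the exchange can be exercised offline.

```python
"""Probe a RADIUS server through a firewall with a minimal RFC 2865 Access-Request.

Added example, not from the original thread. The server name, secret,
credentials and NAS address are placeholders; substitute your own.
build_response is the server side of the exchange, included so the
packet handling can be tested without a live ACS.
"""
import hashlib
import os
import socket
import struct

# RADIUS packet codes and attribute types (RFC 2865)
CODE_ACCESS_REQUEST = 1
CODE_ACCESS_ACCEPT = 2
CODE_ACCESS_REJECT = 3
CODE_ACCESS_CHALLENGE = 11
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2
ATTR_NAS_IP_ADDRESS = 4
HEADER_LEN = 20


def encode_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to a 16-byte multiple, then XOR each block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def decode_user_password(blob: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of encode_user_password (what the server does); strips NUL padding."""
    out, prev = b"", authenticator
    for i in range(0, len(blob), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(blob[i:i + 16], key))
        prev = blob[i:i + 16]
    return out.rstrip(b"\x00")


def _attr(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding; length covers the two header bytes."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier, authenticator, secret, username, password, nas_ip):
    """Client side: Code(1) ID(1) Length(2) Authenticator(16) then attributes."""
    attrs = (_attr(ATTR_USER_NAME, username.encode())
             + _attr(ATTR_USER_PASSWORD, encode_user_password(password.encode(), secret, authenticator))
             + _attr(ATTR_NAS_IP_ADDRESS, socket.inet_aton(nas_ip)))
    header = struct.pack("!BBH", CODE_ACCESS_REQUEST, identifier, HEADER_LEN + len(attrs))
    return header + authenticator + attrs


def build_response(code, request, secret, attrs=b""):
    """Server side, RFC 2865 section 3: Response Authenticator =
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, request[1], HEADER_LEN + len(attrs))
    resp_auth = hashlib.md5(header + request[4:HEADER_LEN] + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response(packet, request_authenticator, secret):
    """Return (code, identifier) if the reply's authenticator checks out, else None."""
    if len(packet) < HEADER_LEN:
        return None
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        return None
    expected = hashlib.md5(packet[:4] + request_authenticator
                           + packet[HEADER_LEN:length] + secret).digest()
    if expected != packet[4:HEADER_LEN]:
        return None
    return code, identifier


def probe(server, secret, username, password, nas_ip, port=1812, timeout=3.0):
    """Send one Access-Request and classify what the path gives back."""
    identifier = os.urandom(1)[0]
    authenticator = os.urandom(16)
    request = build_access_request(identifier, authenticator, secret, username, password, nas_ip)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (server, port))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no reply: firewall drop, wrong port, or source not defined as a client on the server"
    verified = verify_response(data, authenticator, secret)
    if verified is None:
        return "reply failed authenticator check: shared secret mismatch or forged reply"
    code, reply_id = verified
    if reply_id != identifier:
        return "reply identifier mismatch"
    names = {CODE_ACCESS_ACCEPT: "Access-Accept", CODE_ACCESS_REJECT: "Access-Reject",
             CODE_ACCESS_CHALLENGE: "Access-Challenge"}
    return names.get(code, f"code {code}")


if __name__ == "__main__":
    # Placeholder ACS address, secret and NAS IP: assumptions, not values from the thread.
    print(probe("acs.example.internal", b"shared-secret", "probe", "probe", "192.0.2.10"))
```

Read the result with the firewall question in mind: an Access-Reject is a good outcome, because it proves the rule passes the request and the reply. Silence is ambiguous: a dropped packet, the wrong port (1645 versus 1812), and a server that has no client definition for the source address all look identical on the wire, so pair the probe with the server's own logs. Run it from a DMZ host covered by the same rule as the switch; if the probe gets an answer but the switch does not, the rule is matching the probe host rather than the address the switch actually sources RADIUS from (on IOS, `ip radius source-interface` decides that).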

I have the ports set up; it's the FW policy that I'm having issues with.

When I attempt to log in I'm watching the ACS logs and don't see connection attempt failures from the device. I was hoping someone with the same FW has gone through this so I could compare notes and see where I have gone astray in my rule configuration.


ej
