532 Views | 0 Helpful | 2 Replies

Using ACS 5.2 to authenticate devices in the DMZ via a firewall

Eric R. Jones
Level 4

I have an ACS 5.2 in our enclave that I need to use to authenticate a WS-6500 in our DMZ. It's passing through a McAfee (Sidewinder) S4016 firewall.

Has anyone had to create a rule in this firewall to allow AAA access?

I managed to get it to pass the log data to an inside log server, but using the same method, with changes to port values and IPs, hasn't worked for the AAA device.

ej

2 Replies

TIM JUDGE
Level 1

Are you using RADIUS or TACACS? To authenticate devices through a mainstream firewall, allow the network equipment to connect to the ACS on ports TCP and UDP 49 for TACACS; RADIUS will probably need UDP 1645 and 1646, and maybe also UDP 1812 and 1813.
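The reply above is the whole check in words: the firewall must permit the switch-to-ACS flows on the listed ports. The following is an added example, not code from the thread or from Cisco/McAfee, that turns that into a ruleset audit: it models a first-match firewall policy as simple 5-tuple rules (the rule format and the addresses are constructed assumptions, not Sidewinder syntax) and reports which required AAA flows a given ruleset does not allow. The sample ruleset reproduces the symptom in the question: the syslog flow to the log server is allowed, while TACACS+ to the ACS is not. A small TCP probe helper is included for a live check from the DMZ side; if the probe fails and the ACS logs show no attempt at all, the packets are being dropped before they reach the ACS, which points at the policy rather than at ACS.

```python
"""Audit a firewall ruleset for the flows a DMZ switch needs toward Cisco ACS
(TACACS+ / RADIUS) and toward a syslog server.

Added example. Rules, addresses and the rule tuple format are constructed for
illustration and are not McAfee Sidewinder configuration syntax.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import socket

# Ports named in the reply: TACACS+ on 49 (TCP and UDP), RADIUS on the legacy
# UDP 1645/1646 pair and/or the IANA UDP 1812/1813 pair (trim to the pair the
# ACS is actually configured for). Syslog UDP 514 is the flow that already works.
REQUIRED_FLOWS = {
    "tacacs": [("tcp", 49), ("udp", 49)],
    "radius": [("udp", 1645), ("udp", 1646), ("udp", 1812), ("udp", 1813)],
    "syslog": [("udp", 514)],
}


@dataclass(frozen=True)
class Rule:
    src: str      # source CIDR
    dst: str      # destination CIDR
    proto: str    # "tcp" or "udp"
    port: int     # destination port
    action: str   # "allow" or "deny"


def first_match(rules, src_ip, dst_ip, proto, port):
    """Return the first rule matching the flow, as a first-match firewall would,
    or None when no rule matches (implicit deny)."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for r in rules:
        if (r.proto == proto and r.port == port
                and s in ip_network(r.src) and d in ip_network(r.dst)):
            return r
    return None


def missing_flows(rules, device_ip, acs_ip, protocol):
    """List the (proto, port) flows for `protocol` that the ruleset does not
    permit from the device toward the ACS (no matching rule, or an explicit deny).
    Replies are assumed to be handled by the firewall's state table."""
    missing = []
    for proto, port in REQUIRED_FLOWS[protocol]:
        r = first_match(rules, device_ip, acs_ip, proto, port)
        if r is None or r.action != "allow":
            missing.append((proto, port))
    return missing


def tcp_probe(host, port, timeout=2.0):
    """Live check from the device side of the firewall: True if a TCP handshake
    to host:port completes (useful for TACACS+ on TCP/49; UDP needs a capture)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


# Constructed ruleset reproducing the thread's symptom: the log flow is allowed,
# the AAA flow to the ACS is denied, and nothing else matches (implicit deny).
DMZ = "192.0.2.0/24"            # constructed DMZ range
ACS = "198.51.100.10/32"        # constructed ACS address
LOG = "198.51.100.20/32"        # constructed inside log server address
RULES = [
    Rule(DMZ, LOG, "udp", 514, "allow"),
    Rule(DMZ, ACS, "tcp", 49, "deny"),
]

if __name__ == "__main__":
    print("tacacs missing:", missing_flows(RULES, "192.0.2.5", "198.51.100.10", "tacacs"))
    print("syslog missing:", missing_flows(RULES, "192.0.2.5", "198.51.100.20", "syslog"))
```

Running it against the constructed ruleset reports both TACACS+ flows as missing and the syslog flow as permitted, which is exactly the "logging works, AAA does not" split described in the question; adding allow rules for TCP/49 and UDP/49 ahead of the deny clears the report.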

I have the ports set up; it's the FW policy that I'm having issues with.

When I attempt to log in, I'm watching the ACS logs and don't see connection attempt failures from the device. I was hoping someone with the same FW has gone through this so I could compare notes and see where I have gone astray in my rule configuration.

ej
