04-02-2015 12:35 PM
I have an ACS 5.2 in our enclave that I need to authenticate a WS-6500 in our DMZ. It's passing through a McAfee (Sidewinder) S4016 firewall.
Has anyone had to create a rule in this firewall to allow AAA access?
I managed to get it to pass the log data to an inside log server, but using the same method, with changes to port values and IPs, hasn't worked for the AAA device.
ej
04-06-2015 06:41 AM
Are you using RADIUS or TACACS? To authenticate devices through a mainstream firewall, allow the network equipment to connect to the ACS on TCP and UDP port 49 for TACACS; RADIUS will probably need UDP 1645 and 1646, and maybe also UDP 1812 and 1813.
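One way to check a rule base against the flows listed in the reply above, as an added example that is not part of the thread and not a Sidewinder tool: a small first-match policy evaluator that reports which switch-to-ACS flows a policy fails to allow. The addresses, the rule set and the syslog rule are constructed; the firewall is assumed to be stateful (so only the switch-to-ACS direction is modelled) and to default-deny anything no rule matches.

```python
# Added example: audit a firewall rule base for the flows a switch needs to reach an
# ACS server for TACACS+ or RADIUS. Addresses and rules below are constructed
# placeholders; first-match semantics and an implicit default deny are assumed.
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Flow:
    src: str      # source host address
    dst: str      # destination host address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    src: str       # source network in CIDR notation
    dst: str       # destination network in CIDR notation
    proto: str     # "tcp", "udp" or "any"
    dports: tuple  # destination ports; empty tuple means any port
    action: str    # "allow" or "deny"

    def matches(self, f: Flow) -> bool:
        return (ipaddress.ip_address(f.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(f.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", f.proto)
                and (not self.dports or f.dport in self.dports))


# Ports from the reply above: TACACS on 49 (TCP and UDP as listed),
# RADIUS on UDP 1645/1646 and possibly UDP 1812/1813.
AAA_PORTS = {
    "tacacs": [("tcp", 49), ("udp", 49)],
    "radius": [("udp", 1645), ("udp", 1646), ("udp", 1812), ("udp", 1813)],
}


def required_flows(switch_ip: str, acs_ip: str, method: str) -> list:
    """Flows the switch must be able to open towards the ACS for the given method."""
    return [Flow(switch_ip, acs_ip, proto, port) for proto, port in AAA_PORTS[method]]


def evaluate(rules: list, flow: Flow) -> str:
    """First matching rule decides; no match means the implicit default deny."""
    for r in rules:
        if r.matches(flow):
            return r.action
    return "deny"


def missing_flows(rules: list, switch_ip: str, acs_ip: str, method: str) -> list:
    """Return the required AAA flows that the policy does not allow."""
    return [f for f in required_flows(switch_ip, acs_ip, method)
            if evaluate(rules, f) != "allow"]


if __name__ == "__main__":
    # Constructed rule base: syslog from the DMZ already works, and a TACACS rule
    # was cloned from it but only for UDP, so the TCP/49 session is still blocked.
    rules = [
        Rule("192.0.2.0/24", "198.51.100.10/32", "udp", (514,), "allow"),  # syslog
        Rule("192.0.2.0/24", "198.51.100.20/32", "udp", (49,), "allow"),   # TACACS, UDP only
    ]
    for f in missing_flows(rules, "192.0.2.5", "198.51.100.20", "tacacs"):
        print(f"policy does not allow {f.proto}/{f.dport} {f.src} -> {f.dst}")
```

Running the script with the constructed rule set reports that TCP/49 from the switch to the ACS is not allowed, which is the kind of gap that shows up as a silent timeout on the switch and no failed-authentication entries on the ACS, since the request never arrives.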
04-06-2015 02:34 PM
I have the ports set up; it's the FW policy that I'm having issues with.
When I attempt to log in, I'm watching the ACS logs and don't see connection attempt failures from the device. I was hoping someone with the same FW had gone through this so I could compare notes and see where I have gone astray in my rule configuration.
ej