Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
368
Views
5
Helpful
2
Replies

Add FW IP in ACS 5.4

johnlloyd_13
Level 9
Level 9

‎06-13-2017 10:29 PM - edited ‎03-12-2019 02:35 AM

hi,

just a quick one, if adding an ASA active-standby FW in ACS 5.4, do i just create a single entry?

meaning I only add a device using the 'active' IP address?

Labels:
0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-14-2017 12:18 AM

It depends.

If you ever expect to log into the standby unit, then you will need to add the source IP it will be using to communicate to your ACS server. This could be a standby IP address on you inside interface, the management address etc. - depending on how your system is setup. 

We seldom need to log into the standby unit directly, but when we do it's generally for something important. So it's good to have the capability covered in your AAA implementation. 

johnlloyd_13
Level 9
Level 9
In response to Marvin Rhoads

‎06-14-2017 02:18 AM

hi marvin,

i just want to lock down ASA devices by the ACS policy where you can't execute service impacting commands, like 'reload', 'write erase' etc.

i would just add the 'standby' IP just to make sure both A/S FW pair are covered.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card