
Firewall failover pair in CSM with ACS integration

jason.williams
Level 1

I just need to confirm something.  I'm setting up CSM 4.0.1 and I'm using ACS integration.  From the documentation, I need to have each firewall/firewall context as a separate entry in ACS.  I also see that it says that you only need to configure the primary unit on CSM.

I need ACS to perform authentication for the firewall pair.  So here's my question:

How do I configure the pair in ACS?  Do I make one entry using the <devicename>_<contextname> name and then enter both IP addresses?  Or do I create separate entries and give the secondary a different name?

Thanks.

Jason

1 Reply

Stefano De Crescenzo
Cisco Employee

Hi Jason,

You need two separate entries. The primary one (the one that is added to CSM) needs to be added in ACS with the exact display name as in CSM (system) and each context as you mentioned before.

For the secondary unit, if you need authentication via ACS, you can add it with whatever name you want. In fact, for RADIUS user authentication, what ACS checks for the match is the IP address, not the hostname. (This is different when we speak about CSM authorization, for which we check the hostname and not the IP address.)

Hope it helps

Stefano
