
Firewall failover pair in CSM with ACS integration

I just need to confirm something.  I'm setting up CSM 4.0.1 and I'm using ACS integration.  From the documentation, I need to have each firewall/firewall context as a separate entry in ACS.  I also see that it says that you only need to configure the primary unit on CSM.

I need ACS to perform authentication for the firewall pair.  So here's my question:

How do I configure the pair in ACS?  Do I make one entry using the <devicename>_<contextname> name and then enter both IP addresses?  Or do I create separate entries and give the secondary a different name?

Thanks.

Jason

1 REPLY
Cisco Employee

Re: Firewall failover pair in CSM with ACS integration

Hi Jason,

You need two separate entries. The primary one (the one that is added to CSM) needs to be added in ACS with the exact display name as in CSM (system) and each context as you mentioned before.

For the secondary unit, if you need authentication via ACS, you can add it with whatever name you want. In fact, for RADIUS user authentication, what ACS checks for the match is the IP address, not the hostname. (This is different when we speak about CSM authorization, for which we check the hostname and not the IP address.)

Hope it helps

Stefano