cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
878
Views
0
Helpful
1
Replies

Firewall failover pair in CSM with ACS integration

jason.williams
Beginner
Beginner

I just need to confirm something.  I'm setting up CSM 4.0.1 and I'm using ACS integration.  From the documentation, I need to have each firewall/firewall context as a separate entry in ACS.  I also see that it says that you only need to configure the primary unit on CSM.

I need ACS to perform authentication for the firewall pair.  So here's my question:

How do I configure the pair in ACS?  Do I make one entry using the <devicename>_<contextname> name and then enter both IP addresses?  Or do I create separate entries and give the secondary a different name?

Thanks.

Jason

1 Reply 1

Stefano De Crescenzo
Cisco Employee
Cisco Employee

Hi Jason,

you need two separates entries. The primary one (the one that is added to CSM) needs to be added in ACS with the exact display name as in CSM (system) and each context as you mentioned before.

For the secondary unit, if you need authentication via ACS you can add with whatever name you want. In fact for RADIUS authentication for user what the ACS is checking for the matching is the IP address not the hostname. (this is different when we speak about CSM authorization for which we check the hostname and not the ip address)

Hope it helps

Stefano

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers