Beginner

Cisco ACS 5.1

Hi All,

I have an ASA, and the ACS server I am using is a VMware appliance.

My question now is I would like to authenticate two different types of devices from a single Radius client.

Device 1 – Authenticating using Username and Password from Domain1 and Device Certificate from CA1

Device 2 – Authenticating using Username and Password from Domain 2 and User Certificate from CA2

Can a single Cisco ACS server be configured to do this? If not, can 2 Cisco ACS servers be configured to do this, bearing in mind it is a single Radius client which can only direct authentication traffic to a single Radius server?

Any update on this would be appreciated.

Thanks in advance.

Regards

Alex.

5 REPLIES 5
Enthusiast

Re: Cisco ACS 5.1

You can have ACS trust multiple CAs.

ACS can only be joined to one domain, but you can authenticate users on other domains if trusts have been established between those domains and the one to which ACS is joined.

Beginner

Re: Cisco ACS 5.1

Hi Javier,

Thanks for the information provided.

Could you also provide me with the link/documents on how to proceed with configuring this?

Regards

Alex

Beginner

Re: Cisco ACS 5.1

For the EAP method I am using a local certificate from that CA, which has been installed on the ACS, and that local cert needs to be assigned to the EAP protocol.

Hence, to proceed further, I want to authenticate EAP against a second certificate authority. I can load a local certificate from this CA as well, but the EAP protocol can only be assigned to one cert at a time, so EAP authentication to this CA fails.

E.g.: I see the certificate cert1 under System Admin -> Config -> Local certi -> Issueby cert1 protocol:EAP.

Is there any way to achieve this?

Thanks in advance.
Cisco Employee

Re: Cisco ACS 5.1

Alex,

You can add as many Root CAs as you would like to the certificate profile under Users and Identity Stores -> Certificate Authorities. ACS does not need to be assigned multiple identity certificates to support different certificates from clients.

--Jesse

Beginner

Re: Cisco ACS 5.1

Alex,

under System Admin -> Config -> Local certi -> Issueby cert1 protocol:EAP.

Yes, the EAP protocol can only be assigned to one cert at a time; that is an ACS limitation.