On the ACS, add the IP address of the ASA, which is 192.168.1.4, and the shared secret key, which is CISCO123:
Create a rule in the Default Network Access policy:
1. Select an identity store (that is, define whether users are internal to the ACS or in an external database).
2. Authorization policy: permit or deny access.
Test with CLI:
You can use the test command on the command line in order to test your AAA setup. A test request is sent to the AAA server, and the result appears on the command line.
ciscoasa# test aaa-server authentication RADIUS host 192.168.1.2 username cisco password cisco123
INFO: Attempting Authentication test to IP address <192.168.1.2> (timeout: 12 seconds)
INFO: Authentication Successful
Run the following command to see the debugs:
ciscoasa# debug aaa common 255
ACS 5.5 secondary registration - Registration failed due to Invalid Certificate
When you enable Trust Communication on your primary and secondary ACS instance, and you register the secondary instance with the primary, both the primary and secondary instance check the CA and server certificates of each other. After the certificates are verified:
- If the certificates in both the primary and secondary ACS instances are valid certificates, the instances establish a secure tunnel between them and register the secondary instance to the primary.
I don't think it supports self-signed certificates; however, you can try installing the self-signed certificate of the primary in the secondary instance's CA store and the self-signed certificate of the secondary in the primary instance's CA store.
Please post comments if there are any queries and rate if useful.