About p.jacques

p.jacques · 10-29-2001

I'm run a ACS 2.4.3\NAS (radius) dial-in service, and when the dial-in user come in, they are authenticated and given a static IP. What I would like to do is also apply an outward-bound (on the NAS i/f) ACL that restricts the user to only going to de...

p.jacques · 10-30-2001

Not true, the NAS\ CAS sends the authentication requests to ACS on behalf of the user. If the NAS\ CAS is DHCPing prior to authentication, then the config is wrong.You can force the situation of authentication then DHCP, by making the ACS the dhcp se...

p.jacques · 10-29-2001

a) OK, let's put it another way, would the designer put NT Primary Domian Controller on the DMZ? No, of course he wouldn't, because the DMZ is accessible by all, and the device holds secure information.b) Not enough information to fully comment, but ...

p.jacques · 10-29-2001

Just turning radius on in the cisco does not turn accounting on, or authorisation on. So you need to make sure that the NAS config is built on "AAA new- model", and has the line "AAA accounting network start-stop radius". Please check the format of t...

p.jacques · 10-29-2001

Hmm, I'd have thought the radius retransmit would take care of this. Are you sure it's an error condition you are seeing, and not simply a NAK error?If the return code is a NAK error, there is no point in sending the packet again as the Ace Server wi...

Member Since	‎10-29-2001 02:39 PM
Date Last Visited	‎08-18-2017 03:50 AM
Posts	5

User Statistics

User Activity

ACS 2.4 (radius) & ACL

Re: Cisco Secure ACS

Re: AAA server placement. Inside or DMZ

Re: AAA accounting

Re: RADIUS to RSA ACE/server witch SecurId