Anyconnect/Firepower/ACS/Tacacs+/Radius?

Larry Sullivan
Level 3

Hi,

 

I'm setting up AnyConnect on a new Firepower deployment (6.4). My understanding is AnyConnect uses RADIUS. We have ACS 5.8 set up as a TACACS+ server already. I read that RADIUS proxy on ACS can proxy to other authentication methods externally. So I'd like to clarify: I can't set up a RADIUS proxy to the TACACS+ on the ACS, correct? Is there a workaround that doesn't require an external RADIUS server? Something that will allow AnyConnect to use ACS only? Thank you.

1 Accepted Solution


Here is a good presentation to understand and implement the same:

 

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/BRKSEC-2112.pdf

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help


5 Replies

balaji.bandi
Hall of Fame

If I understand your requirement correctly, you want AnyConnect users to use ACS as an authentication mechanism.

Does ACS, in turn, need to get authentication from an external source like LDAP? Is this correct?

BB


Yes. I want AnyConnect to use ACS to authenticate VPN users. Currently ACS uses Active Directory for credentials.

Here is a good presentation to understand and implement the same:

 

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/BRKSEC-2112.pdf

BB


I think I found out what I need to do.  Looks like I need to just create a RADIUS instance pointing at AD.  I will definitely be referencing that document you linked as well.  Thanks.

Glad it was helpful. If the solution offered works and is tested, mark as resolved.

BB
