10-08-2019 11:56 AM - edited 02-21-2020 09:46 PM
Hi,
I'm setting up AnyConnect on a new Firepower deployment (6.4). My understanding is AnyConnect uses RADIUS. We have ACS 5.8 set up as a TACACS+ server already. I read that RADIUS proxy on ACS can proxy to other authentication methods externally. So I'd like to clarify: I can't set up a RADIUS proxy to the TACACS+ on the ACS, correct? Is there a workaround that doesn't require an external RADIUS server? Something that will allow AnyConnect to use ACS only? Thank you.
10-08-2019 12:00 PM
If I understand your requirement correctly, you want AnyConnect users to use ACS as an authentication mechanism.
Does ACS in turn need to get authentication from an external source like LDAP? Is this correct?
10-08-2019 12:13 PM
Yes. I want AnyConnect to use ACS to authenticate VPN users. Currently ACS uses Active Directory for credentials.
10-08-2019 12:46 PM
Here is a good presentation to understand and implement the same:
https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/BRKSEC-2112.pdf
10-08-2019 12:53 PM
I think I found out what I need to do. Looks like I need to just create a RADIUS instance pointing at AD. I will definitely be referencing that document you linked as well. Thanks.
10-08-2019 01:02 PM
Glad it was helpful. If the solution offered works and is tested, mark as resolved.