Does ACS include the NAS address in the payload?

Oct 12th, 2007

When ACS communicates with another authentication server (e.g., ACE), does it include the NAS or the user's address in the IP packet payload?

The reason for this question is that we want to use NAT between ACS and ACE. Obviously the NAT won't work if the real address is put in the payload.

Thanks in advance

Premdeep Banga Fri, 10/12/2007 - 06:03

If ACE is configured as an External Database on ACS, then ACS won't send the NAS IP to ACE.

The communication between ACS and ACE will be based on the RADIUS protocol, and ACS will be added as a RADIUS client on ACE.

If ACS is acting as a pure proxy RADIUS server and forwarding requests to ACE, then the payload will have the NAS.

How to configure a RADIUS Token Server as an External Database on ACS:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/UsrDb.html#wp356090

Regards,

Prem

darpotter Tue, 10/16/2007 - 00:05

The definitive answer is no - not for what you need.

External authentication to RSA doesn't include anything about the end-user except credentials.

RADIUS proxy does - but then you bypass ACS authentication & authorisation completely.
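An added example, not part of the original thread and not Cisco or RSA code: in the proxy case discussed above, the NAS address travels as the RADIUS NAS-IP-Address attribute (type 4, RFC 2865) inside the payload, so a NAT that rewrites only the IP header leaves it untouched. The sketch below parses an Access-Request and flags when the payload address differs from the source address the receiving server sees; the packets, user name and addresses are constructed sample data.

```python
import ipaddress
import struct

ACCESS_REQUEST, USER_NAME, NAS_IP_ADDRESS = 1, 1, 4  # RFC 2865 code / attribute types

def build_access_request(identifier, authenticator, attrs):
    """Encode an Access-Request from (type, value-bytes) pairs."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body))
    return header + authenticator + body

def parse_attributes(packet):
    """Return [(type, value)] from a RADIUS packet, validating every length."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        attrs.append((attr_type, packet[pos + 2:pos + attr_len]))
        pos += attr_len
    return attrs

def nas_ip_in_payload(packet):
    """Return the NAS-IP-Address (attribute 4) carried in the payload, or None."""
    for attr_type, value in parse_attributes(packet):
        if attr_type == NAS_IP_ADDRESS and len(value) == 4:
            return str(ipaddress.IPv4Address(value))
    return None

def nat_mismatch(packet, observed_source_ip):
    """True when the payload names a NAS address other than the IP-header source."""
    nas = nas_ip_in_payload(packet)
    return nas is not None and nas != observed_source_ip

# Constructed sample packets (not captured from ACS or ACE).
AUTH = bytes(16)
PROXIED = build_access_request(1, AUTH, [
    (USER_NAME, b"alice"),
    (NAS_IP_ADDRESS, ipaddress.IPv4Address("10.1.1.10").packed)])
NO_NAS_IP = build_access_request(2, AUTH, [(USER_NAME, b"alice")])
```

`nat_mismatch(PROXIED, "192.0.2.50")` returns `True` because the payload still names 10.1.1.10 after translation, while the packet without the attribute gives the NAT nothing in the payload to disagree with.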
