Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
428
Views
5
Helpful
2
Replies

Does ACS include the NAS address in the payload?

dfariborz
Level 1
Level 1

‎10-12-2007 12:36 AM - edited ‎03-10-2019 03:26 PM

When ACS communicates with another authentication server (eg: ACE), does it include the NAS or the user's address in the ip packet payload?

The reason for this question is that we want to use NAT between ACS and ACE. Obviously the NAT won't work if the real address is put in the payload.

Thanks in advance

Labels:
0 Helpful
2 Replies 2

Premdeep Banga
Level 7
Level 7

‎10-12-2007 06:03 AM

If on ACS, ACE configured as an External Database, then ACS wont send NAS ip to ACE.

The communication between ACS and ACE will be based on Radius protocol, and ACS will be added as a Radius client on ACE.

If ACS is acting as a pure proxy radius server, and forwarding request to ACE, then payload will have NAS.

How to configure Radius Token Server as an External Database on ACS:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/UsrDb.html#wp356090

Regards,

Prem

darpotter
Level 5
Level 5

‎10-16-2007 12:05 AM

The definitive answer is no - not for want you need.

External authentication to RSA doesnt include anything about the end-user except credentials.

RADIUS proxy does - but then you bypass ACS authentication & authorisation completely.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents