Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1942
Views
4
Helpful
4
Replies

Proxying TACACS

random_camden
Level 1
Level 1

‎09-02-2008 02:22 AM - edited ‎03-10-2019 04:04 PM

I have a centralised ACS server running TACACS..

I want to set up a proxy server in a customer network, so their routers request TACACS authentication from this server.

However, I don't want any username/group details on this server, I want it to forward the request to our central ACS.

Do I need a full ACS application to do this on the customer server, or is there a cheap/free TACACS server that will just act as a proxy?

I've dug through the configs for the free Cisco TAC+ daemon, but it doesn't appear to do this...

Thanks in advance

Neil

Labels:
0 Helpful
4 Replies 4

Jagdeep Gambhir
Level 10
Level 10

‎09-02-2008 05:29 AM

Hi Neil,

Yes, we need to use full tacacs server to achieve it. Had this been radius we would have used some free radius but with tacas there is no option for cheap/free TACACS.

Regards,

~JG

Do rate helpful posts

craig.eyre
Level 1
Level 1
In response to Jagdeep Gambhir

‎09-02-2008 08:13 AM

Hi JG,

I'm looking at doing this with radius and was wondering if you have any links or docs on how this is done. Eg. Free radius at the external site and then ACS in our internal network doing the authentication process.

Thanks for any help.

Craig

0 Helpful

cisco24x7
Level 6
Level 6
In response to craig.eyre

‎09-02-2008 08:26 AM

Craig,

I beg to differ with JG. I think it can be done. Here is what I would do:

1- configure a Freeware TACACS at the customer

site. This should run on a Linux platform.

2- setup the Linux box to do "port-forwarding"

on tcp port 49 to your ACS Server,

3- setup your ACS server to accept connections

from the customer's network devices.

In this scenario, the linux Freeware tacacs

server will serve like a "pass-through" or

"proxy" the connection to your ACS server.

That being said, I've never tried it on ACS

Server but I've tried it on Linux Freeware

tacacs server where both my "pass-through"

tacacs server and central tacacs server are

running Freeware tacacs+ server

David

0 Helpful

Jagdeep Gambhir
Level 10
Level 10
In response to craig.eyre

‎09-02-2008 08:58 AM

Craig,

Here is one I found for IAS. Concept remains the same for all radius.

http://technet.microsoft.com/en-us/library/cc739975.aspx

Regards,

~JG

Do rate helpful posts

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents