09-02-2008 02:22 AM - edited 03-10-2019 04:04 PM
I have a centralised ACS server running TACACS.
I want to set up a proxy server in a customer network, so their routers request TACACS authentication from this server.
However, I don't want any username/group details on this server, I want it to forward the request to our central ACS.
Do I need a full ACS application to do this on the customer server, or is there a cheap/free TACACS server that will just act as a proxy?
I've dug through the configs for the free Cisco TAC+ daemon, but it doesn't appear to do this...
Thanks in advance
Neil
09-02-2008 05:29 AM
Hi Neil,
Yes, we need to use a full TACACS server to achieve it. Had this been RADIUS we would have used some free RADIUS, but with TACACS there is no option for cheap/free TACACS.
Regards,
~JG
Do rate helpful posts
09-02-2008 08:13 AM
Hi JG,
I'm looking at doing this with RADIUS and was wondering if you have any links or docs on how this is done. E.g. Free radius at the external site and then ACS in our internal network doing the authentication process.
Thanks for any help.
Craig
09-02-2008 08:26 AM
Craig,
I beg to differ with JG. I think it can be done. Here is what I would do:
1- configure a Freeware TACACS at the customer site. This should run on a Linux platform.
2- set up the Linux box to do "port-forwarding" on tcp port 49 to your ACS Server,
3- set up your ACS server to accept connections from the customer's network devices.
In this scenario, the Linux Freeware tacacs server will serve like a "pass-through" or "proxy" the connection to your ACS server.
That being said, I've never tried it on ACS Server but I've tried it on Linux Freeware tacacs server where both my "pass-through" tacacs server and central tacacs server are running Freeware tacacs+ server.
David
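The port-forwarding step in David's post above, sketched as an added example that is not part of the thread: a userspace TCP relay (used here in place of kernel-level port forwarding) that passes whole TACACS+ packets to the central server and reads only the 12-byte cleartext header. The listen address, the `192.0.2.10` placeholder for the central ACS, and the `MAX_BODY` limit are assumptions.

```python
import asyncio
import struct

LISTEN = ("0.0.0.0", 49)          # assumed listen address on the customer-site box
CENTRAL_ACS = ("192.0.2.10", 49)  # placeholder (documentation range) for the central ACS
MAX_BODY = 65535                  # assumed sanity limit on the 32-bit length field
TYPES = {1: "authen", 2: "author", 3: "acct"}

def parse_header(hdr):
    """Decode the 12-byte TACACS+ header; ValueError if it is not TACACS+."""
    if len(hdr) != 12:
        raise ValueError("short header")
    ver, ptype, seq, flags, session, length = struct.unpack("!BBBBII", hdr)
    if ver >> 4 != 0xC or ptype not in TYPES or length > MAX_BODY:
        raise ValueError("not a TACACS+ packet")
    return {"type": TYPES[ptype], "seq": seq, "session": session,
            "length": length, "cleartext": bool(flags & 0x01)}

async def relay(reader, writer, tag):
    """Copy whole packets one way; the body is forwarded unread."""
    try:
        while True:
            hdr = await reader.readexactly(12)
            info = parse_header(hdr)
            body = await reader.readexactly(info["length"])
            print(tag, info)  # header fields only, never the body
            writer.write(hdr + body)
            await writer.drain()
    except (asyncio.IncompleteReadError, ValueError, ConnectionError):
        pass  # peer closed, or traffic on port 49 that is not TACACS+
    finally:
        writer.close()

async def handle(client_r, client_w):
    try:
        acs_r, acs_w = await asyncio.open_connection(*CENTRAL_ACS)
    except OSError:
        client_w.close()  # central server unreachable: drop the router's session
        return
    await asyncio.gather(relay(client_r, acs_w, "router->acs"),
                         relay(acs_r, client_w, "acs->router"))

async def main():
    server = await asyncio.start_server(handle, *LISTEN)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Because the relay terminates the TCP connection, the central server sees the relay's address as the AAA client, so that address and the routers' shared key are what must be defined there. The relay never needs the key; the `cleartext` field in its log shows when a packet arrives with the unencrypted flag set.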
09-02-2008 08:58 AM
Craig,
Here is one I found for IAS. Concept remains the same for all radius.
http://technet.microsoft.com/en-us/library/cc739975.aspx
Regards,
~JG
Do rate helpful posts