Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1063
Views
5
Helpful
7
Replies

Enabling VSA option 26 in ACS v4.1

ramarao
Level 1
Level 1

‎09-11-2008 04:07 AM - edited ‎03-10-2019 04:04 PM

Hi,

I am not able to see option 26 (VSA) under Radius IETF.I can see the rest except for the VSA. I need to enable this as I am configuring non Cisco AAA client which is SonicWall 2040 Firewall.

Any Idea, pls advise.

Thank you

Labels:
0 Helpful
7 Replies 7

Premdeep Banga
Level 7
Level 7

‎09-11-2008 04:19 AM

You need to import the SonicWall Radius dictionary into ACS.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_CSUtil.html#wp365540

then create a AAA client using RADIUS (SonicWall).

then go to Interface Configuration, and make the Sonicwall attributes to appear under user/group configuration section.

This is how 26 is implement in ACS.

Regards,

Prem

Please rate if it helps!

0 Helpful

ramarao
Level 1
Level 1
In response to Premdeep Banga

‎09-11-2008 04:57 AM

Hi Prem,

Thanks for the update.

Is it the same procedure for ACS SE.

And, any chance for you to know how to import the radius dictionary. Is it imported directly from Sonicwall appliance.

Thank you

0 Helpful

Premdeep Banga
Level 7
Level 7
In response to ramarao

‎09-11-2008 05:07 AM

For ACS SE, please refer to,

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_RDBMS.html

For dictionary file, you may want to contact SonicWall support.

Regards,

Prem

Please rate if it helps!

0 Helpful

ramarao
Level 1
Level 1
In response to Premdeep Banga

‎09-11-2008 05:27 AM

Hi Prem,

The process looks very confusing and not straight forward.

I have also checked the sonicwall site, there are another option which uses attribute 11 (filter-id) for radius authentication.

Not sure whether it will work with Cisco ACS, have you / anyone tried before.

And, are there any option in ACS where we can set the authentication to PAP

Thank you

0 Helpful

ramarao
Level 1
Level 1
In response to ramarao

‎09-11-2008 06:30 AM

Hi,

Can NAC Attribute Management adds the SonicWall VSA?

Thank you

0 Helpful

Premdeep Banga
Level 7
Level 7
In response to ramarao

‎09-11-2008 07:07 AM

Actually, till the point you dont want to use the VSA from SonicWall you can use RADIUS(IETF) and should be able to authenticate fine. PAP needs to be configured on Sonic Wall. ACS can authenticate PAP,CHAP,MSCHAP1/2

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/Overvw.html#wp857274

If you need assistance in creating accountsaction.csv for sonicwall, you can get some help from TAC, get the disctionary file from SonicWall and pass it over to TAC.

Regards,

Prem

Please rate if it helps!

size57
Level 1
Level 1
In response to Premdeep Banga

‎02-10-2011 11:15 PM

HI All,

I am facing same difficulty for 3com routers, my vendor provided me couple files and asked to add in ACS server.I have ACS SE 4.2.

can you please tell me the procedure to add this .ini files to my ACS SE. I gone through user guide but confused.

Please hlp me providing procedure.

0 Helpful
Customers Also Viewed These Support Documents