Unanswered Question
Dec 29th, 2008

Is it possible for a Cisco device (router or switch) to authenticate to an ACS via an ASA utilizing Network Address Translation? If so, what needs to be added to a config for this to take place?

Collin Clark Tue, 12/30/2008 - 05:55

Sure it can (we do it). You just need to translate from outside to inside. Here is an example, assume ACS is

static (inside,outside) access-list TACACS tcp 65535 10000

Since the static uses an ACL, here is that part as well:

access-list TACACS extended permit ip host host [public IP]

The public IP in our case is the internet router and it requires a static route for the private IP pointing to the firewall.

Hope that helps.

