I have to set up our ACS to authenticate all administrative sessions on our telecom devices. Based on our security policies, all users need to be authenticated by a secure password and also a second component like a security token or something else... At this point this is OK: I see the ACS can work with an external user database which can use OTP or security tokens.
My concern is about our user's management software, CiscoWorks. Because the CiscoWorks software uses its user credentials to run most of the management jobs on the telecom devices, its user must be able to be authenticated by the ACS. For the second authentication factor, I would like to use the source IP address of the request (I know it's a very basic security feature, but I think it's the first step... we are not using any certificate server...). The CiscoWorks user must not be used from any IP address other than that of the CiscoWorks server... which in some parts of the network may be NATed by firewalls... I would like to know if the source of the request is also transmitted to the ACS and how I can make sure the authentication request came from the CiscoWorks server IP address.
I use ACS SE software version 220.127.116.11-12 at this time... because version 5 doesn't support token authentication...
Thanks a lot!