User Authentication Using RADIUS

Unanswered Question
Apr 28th, 2010

Dear All,

Need suggestions on the requirement below:

Requirement:

Users who access network devices for management purposes should be authenticated through TACACS (ACS server 1113), and users who access LAN resources/applications should be authenticated through a RADIUS server.

I have an ACS 1113 appliance.

1. I have a firewall. Do I need to point it to the RADIUS server (Windows server) directly for user authentication, or to the ACS server for RADIUS authentication?

2. If I need to point it to the ACS server, how will the ACS server redirect the request to the actual RADIUS server?

Regards

Amar

Jennifer Halim Thu, 04/29/2010 - 05:03

You can configure 2 aaa-servers, one a RADIUS server and the other a TACACS server.

For management, you can configure the following to refer to the tacacs server:

aaa authentication http console

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/a1.html#wp1535834

I assume that when you mention users who want to access the internal LAN, it will be authentication for the VPN client connection? If that is correct, then you can assign the aaa-server under the tunnel-group:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/a2.html#wp1629625

Hope that helps.
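
Added example (not part of the original thread and not the poster's configuration): the split described in the reply above, written out as ASA configuration with one TACACS+ group for management access and one RADIUS group bound to a VPN tunnel-group. The group names, the interface name `inside`, the 192.0.2.x addresses, the tunnel-group name, the local username and the bracketed secrets are all placeholder assumptions, and the firewall is assumed to point at the RADIUS server directly.

```cisco
! --- Constructed example; every name, address and secret is a placeholder ---

! Server group 1: TACACS+ (the ACS appliance) for device management logins
aaa-server TACACS_MGMT protocol tacacs+
aaa-server TACACS_MGMT (inside) host 192.0.2.10
 key <tacacs-shared-secret>

! Server group 2: RADIUS for end users reaching LAN resources over VPN
aaa-server RADIUS_USERS protocol radius
aaa-server RADIUS_USERS (inside) host 192.0.2.20
 key <radius-shared-secret>

! Local account used only when the TACACS+ server does not respond,
! so an AAA outage does not lock administrators out of the firewall
username localadmin password <strong-local-password> privilege 15

! Management access: try TACACS+ first, fall back to the LOCAL database
aaa authentication ssh console TACACS_MGMT LOCAL
aaa authentication http console TACACS_MGMT LOCAL
aaa authentication enable console TACACS_MGMT LOCAL

! VPN users: authenticate against the RADIUS group only
tunnel-group REMOTE_VPN type remote-access
tunnel-group REMOTE_VPN general-attributes
 authentication-server-group RADIUS_USERS
```

Keeping the two groups separate means a RADIUS user account gains no management access to the firewall, and `show aaa-server` displays per-group request and reject counters for checking that each login type reaches the intended server.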
