User authentication using RADIUS

Unanswered Question
Apr 28th, 2010

Dear All,


Need suggestions on the requirement below:

Requirement:

Users who will access network devices for management purposes should be authenticated through TACACS (ACS server 1113), and users who will access LAN resources/applications should be authenticated through a RADIUS server.

I have an ACS 1113 appliance.

1. I have a firewall. Do I need to point it to the RADIUS server (Windows server) directly for user authentication, or to the ACS server for RADIUS authentication?

2. If I need to point it to the ACS server, how will the ACS server redirect the request to the actual RADIUS server?


Regards

Amar

Jennifer Halim (Cisco Employee) Thu, 04/29/2010 - 05:03

You can configure 2 aaa-servers, one a RADIUS server and the other a TACACS server.


For management, you can configure the following to refer to the tacacs server:

aaa authentication http console


http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/a1.html#wp1535834


I assume that when you mention users who want to access the internal LAN, it will be authentication for the VPN client connection? If that is correct, then you can assign the aaa-server under the tunnel-group:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/a2.html#wp1629625


Hope that helps.
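
A sketch of the two-server-group layout described in the reply above, written in ASA 8.0 syntax as an added example that is not part of the original post. The group names, interface name, IP addresses, shared secrets and tunnel-group name are constructed placeholders, and the RADIUS host stands for whichever RADIUS server is chosen.

```cisco
! --- Server group for device management logins (TACACS+ on the ACS) ---
! MGMT-TACACS, "inside" and 10.10.10.5 are placeholder values.
aaa-server MGMT-TACACS protocol tacacs+
aaa-server MGMT-TACACS (inside) host 10.10.10.5
 key <tacacs-shared-secret>
 timeout 5

! --- Server group for end-user (VPN) logins (RADIUS) ---
! USER-RADIUS and 10.10.10.6 are placeholder values.
aaa-server USER-RADIUS protocol radius
aaa-server USER-RADIUS (inside) host 10.10.10.6
 key <radius-shared-secret>
 timeout 5

! --- Management access authenticates against the TACACS+ group ---
! LOCAL is the fallback used only when no server in the group responds,
! so at least one local admin account must exist on the firewall.
aaa authentication http console MGMT-TACACS LOCAL
aaa authentication ssh console MGMT-TACACS LOCAL
aaa authentication enable console MGMT-TACACS LOCAL

! --- Remote-access VPN users authenticate against the RADIUS group ---
! RA-VPN is a placeholder tunnel-group name.
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 authentication-server-group USER-RADIUS
```

Keeping the two groups separate means a user account that exists only on the RADIUS server cannot be used to log in to the firewall's management interfaces, and `show aaa-server` reports request and reject counters per group for verifying which server handled a login.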
