ACS 4.2 authentication using multiple external databases

Hi there.

We currently use ACS 4.2 for authentication of corporate users who are accessing the network in 2 different ways:

1) VPN client (via ASA5510)

2) Wireless (EAP-PEAP)

For all users who currently access the network via either of the above 2 methods, the Password Authentication under User Account settings in ACS is set to query an RSA SecurID Token Server.

We would like to try to achieve the following in ACS:

  • IF an access request comes from the ASA (VPN clients), THEN we would like the user's password authentication to be handled by the RSA SecurID Token Server as it currently is.

  • IF an access request comes from the Wireless LAN controllers, THEN we would like to use EAP-TLS authentication. (We are aware that we would obviously need to configure the WLC, clients, PKI infrastructure, etc. accordingly for EAP-TLS.)

Does anyone have any best practice guidance, configuration guides or previous experience in differentiating the request sources and how they are handled by ACS?

Many thanks

1 REPLY

Hello Malcom,

If you have ACS 4.2 you might want to implement Network Access Profiles:

http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/NAPs.html#wp1128143

or

http://tools.cisco.com/squish/5F591

This should be the best approach for you if using ACS 4.x.

If this was helpful please rate.

Regards.
