We are in the process of migrating our VPN Authentication from Windows ACS 4.2 to 5.5. We currently utilize RSA and Windows Authentication for Authorization. We are able to integrate both Identity Stores to the new environment and are able to pull attributes for both cases from AD. Our original deployment had the user defined on the ACS as a local user and their Authentication method was defined in the ACS as well as their IP address/Group Memebership. We are now pulling this information from Active Directory without issues, therefore no local accounts/groups are defined in the ACS, it is simple the "middle man" for authentication and the ASA passes the tunnel group name to determine what Identity Store to reference for authentication, the AD attributes are handed back with IP address and group membership. My question is how can we run reports on specific groups if they are not created on the ACS? Is there a way to report on the Other_Attributes to get a report for a specific group of users, ie all of these users are part of the same group on the ASA and this value is handed back to the ACS via AD.
We are currently utilizing AAA reports currently, is there a newer version of this that could offer the same type of reports?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :