I've set up an Appliance, with a Remote Agent which is a member server of the domain (still NT).
Then I've configured the steps to delegate the auth to the External DB but every time I tried to test with a login on the switch, the Failed Attempt log on the ACS states:
"Windows logon type not granted" !!!!
If I change the WIN Auth Configuration on ACS, setting the domain LOCAL (local to the server on which the Remote Agent is installed) instead of the real domain... using the local ADMIN account I've been able to log in...
Thanks... in effect, yesterday I checked the winagent log on the Agent ACS on my W2K machine and I found some errors saying that authentication was successful but the dial-in permission could not be read (this was the cause of the "Windows logon type not granted").
Instead of associating the process CSAgent with a common user... as is stated in the Installation and Configuration Guide of ACS Agent... I've used a user that has Administrative rights and all is working correctly...
see also this link (problem known also on ACS for Windows)