I want to use our production RSA server to authenticate users on Cisco devices for authorization. I need to find out how to set up the ACS and RSA so I can pass all user requests to RSA. I have ACS 1113 running 4.0?
I am able to get RSA to authenticate my user account, but now, can I dynamically assign users to proper groups based on AD group membership? Can I even do such a thing: check the group membership in AD and use RSA token for authentication?
Currently ACS only lets me choose one group where I can have all my RSA users in.
The only workaround I have found is manually mapping users to a different group once they have been cached in ACS. It does not scale to large environments, but if you have a static batch of users, it may work.
I finally remembered how I had accomplished this in the past. The reason I had asked was that I had once done this scenario at a client site, but could not remember it. Over the weekend it finally came back to me. At this client site, I did not have an appliance; I had ACS for Windows, and we had made the server a member server of the domain. It was able to grab all the AD groups, and we then sent the authentication to an RSA server, plus dynamically mapped them to a group in ACS.
Now since we have an appliance, I can't have the ACS grab AD groups and authenticate against RSA.
This bites.... :(
Thanks again everyone. If anyone comes up with an alternative or a solution please let me know.