I'm setting up auth-proxy to authenticate http outbound users. I'm reading that auth-proxy requires ACS, to pass user ACL/attributes. I could auth locally, but I would really like to use RADIUS or TACACS, ACS is way out of my budget, is there, or has anyone used an alternative, that will work with auth-proxy.
Thanks for the info. Actually I had this working with local, but I wanted to do it via radius. I did manage to find a radius server that I got working authenticating my vpn and auth-proxy,I just didnt want to spend a gazillion dollars on ACS but I found somthing that works and at a decent price. thanks for your efforts! appreciated.
I'm running into a similar situation, the need for A.P. services but the inability to invest in a CSACS server at the moment. Locally authenticated auth-proxy lacks any of its richer features, so I am in the process of looking over alternative solutions.
If you don't mind me asking, what did you find provided you with the features you needed at a more reasonable price? I have looked into using a pure IAS solution as well as a few other open source radius implementations. I was hoping to get some feedback before I began pursuing either of these options.
I found all I really wanted was some form of user log-in. I didnt need all the features offered by ACS, I did play around for a bit with auth-proxy, using freeRADIUS. FreeRADIUS is a great open source RADIUS server, but is definetly a little more difficult to setup. I switched over from XP to linux, in or to do so. Thus there was more work involved. eventually I ended up getting auth-proxy/FreeRADIUS to work for me, supplying a basic user login to access the network. although I eventually found auth-proxy to be a bit limited with what i could do with it. The problem I faced was that since the cisco was doing my routing, I needed to find somthing to provide a "captive portal" and do it in bridge mode so I could just stick it between my cisco and my network. I ended up going with Zeroshell, an open source router/firewall/etc which has a captive portal amongst other things you may find handy. I installed it an a ALIX board, and I'm running it in bridge mode, using just the captive portal. Like I said, this is just so I can have a basic user portal for network access, any deeper authentication services, such as device authentication/auditing, etc. this may not be able to help you. As far as I could tell, there really wasnt an alterntive for ACS to use. Take a look at Zeroshell, it may be helpful, it does quite a bit more than I'm using. it's still somewhat in development, but it's active development, and it seems to be on the road to being quite usefull.
hope this helps.
If you just need a basic RADIUS services, check out freeradius, I think it's pretty tough to get running on windows if thats your platform. if you run windows, I found clearbox radius server to be quite good, ease of use, and pretty well priced.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :