We are considering implementing ACS 3.1 in our environment and I am impressed with ACS so far, but I've run into one snag. I've configured ACS and I am able to authenticate to my routers via Safeword and AAA, but passwords are being displayed in *** CLEAR TEXT ****. I did find a check box in Safeword that gives you the option to echo passwords, but checking and unchecking this box makes no difference.
It is interesting to note that the local ACS database and our Windows 2K Active Directory work correctly and do not echo the passwords. Safeword does work correctly and does not echo the password on any of our other NASes, like our VPN box. Any help is appreciated!!!
Do you mean that the password is echoed back on the screen of the telnet session to a router in clear text, or that the password is being sent from the router in clear text to the ACS and then to the SDI server?
Is your VPN device talking to the SDI server directly via the SDI protocol or through the ACS server using RADIUS?
Thank you for your help! Yes, the password is being echoed back in clear text on the screen of the telnet session. I haven't sniffed the traffic yet to figure out if ACS is echoing the password or if Safeword is echoing the password. Our Contivity VPN server is talking directly to the Safeword server with a RADIUS call on port 1812, as is our Neoteris appliance.
The NAS code version is: IOS 3600 12.2(12a), Release (fc1). The other NAS I'm trying is IOS MSFC Software C6MSFC-ISV-M, Version 12.1(1)EX. I will try your suggestion and see if the problem is also exhibited on my Catalyst switches but I'm thinking that the problem is with either Safeword or ACS since authentication to the local ACS database works correctly. I have a TAC and Safeword case open so hopefully I can resolve this last problem and can move ahead with the purchase of ACS. I'll update my post after I do more testing.