Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Does ACS include the NAS address in the payload?

When ACS communicates with another authentication server (eg: ACE), does it include the NAS or the user's address in the ip packet payload?

The reason for this question is that we want to use NAT between ACS and ACE. Obviously the NAT won't work if the real address is put in the payload.

Thanks in advance

2 REPLIES

Re: Does ACS include the NAS address in the payload?

If on ACS, ACE configured as an External Database, then ACS wont send NAS ip to ACE.

The communication between ACS and ACE will be based on Radius protocol, and ACS will be added as a Radius client on ACE.

If ACS is acting as a pure proxy radius server, and forwarding request to ACE, then payload will have NAS.

How to configure Radius Token Server as an External Database on ACS:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/UsrDb.html#wp356090

Regards,

Prem

Silver

Re: Does ACS include the NAS address in the payload?

The definitive answer is no - not for want you need.

External authentication to RSA doesnt include anything about the end-user except credentials.

RADIUS proxy does - but then you bypass ACS authentication & authorisation completely.

120
Views
5
Helpful
2
Replies