The specific question I posted was on correct formatting of MACs (because I couldn't find it), but the broader issue I am trying to piece together is devising a way to have different policies on my SE's that can:
a) Authenticate clients (three types):
1) Thin and dumb clients (non-OS based workstations), printers, copiers, scanners, etc. based on their MAC addresses (authenticating against the SE's internal database which I imported via RDBMS) and...
2) Directly wired and 3) wireless Windows XP machines (against an external database, specifically group membership in our AD domain).
b) User accounts: Specifically, our network management accounts (currently administrator accounts in our AD domain) used to manage network devices via SSH.
I am currently accomplishing all the above (except the dumb clients/MACs) using Microsoft IAS but (since we don't have schema admin rights in the domain) cannot do the MAC authentication with it so we're migrating to ACS's.
Reading through the user and config guides, I'm getting the drift that if I use the internal database (for the MAC authentication) then I'm locked into it - and cannot then make another policy that looks to an external database for everything else.
If you've got any good leads, or reference materials, to expedite my search, I'd certainly appreciate it.