Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4548
Views
13
Helpful
2
Replies

ports for ACS

Go to solution
m.sir
Level 7
Level 7

‎02-07-2006 11:06 PM - edited ‎03-10-2019 02:27 PM

What ports are need to be open for ACS remote managemet , default port 2002 its clear, but communication than move to 3857 so any others???... Is there any list of required ports????

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
andrewclymer
Level 1
Level 1

‎02-08-2006 01:00 AM

The way in which the Web server manages web sessions is using specific ports. By default this is random, which as you have observed creates an issue with firewalls.

You can restrict the range of ports used for sessions via

Administration Control -> Access Policy

Then down the bottom is a section called HTTP Configuration

Here you can configure the ports that can be used for administration sessions.

So 2002 is always used for the initial login, and then once sucesfull the admin will be placed on to one of these ports.

Only one admin per port, so only opening 2 ports means that only 2 admins can have concurrent access.

Once you have determined how many admins you want to have concurrent access, select an appropriate port range and open this up in your firewall as well.

View solution in original post

2 Replies 2

Go to solution
andrewclymer
Level 1
Level 1

‎02-08-2006 01:00 AM

The way in which the Web server manages web sessions is using specific ports. By default this is random, which as you have observed creates an issue with firewalls.

You can restrict the range of ports used for sessions via

Administration Control -> Access Policy

Then down the bottom is a section called HTTP Configuration

Here you can configure the ports that can be used for administration sessions.

So 2002 is always used for the initial login, and then once sucesfull the admin will be placed on to one of these ports.

Only one admin per port, so only opening 2 ports means that only 2 admins can have concurrent access.

Once you have determined how many admins you want to have concurrent access, select an appropriate port range and open this up in your firewall as well.

Go to solution
mheusinger
Level 10
Level 10
In response to andrewclymer

‎02-08-2006 07:18 AM

Hello,

Here is a list with different UDP and TCP ports used by the ACS:

Cisco Secure ACS Ports Usage

Service name - UDP Port

Dynamic Host Configuration Protocol (DHCP) - 68

RADIUS authentication and authorization (original draft RFC) - 1645

RADIUS accounting (original draft RFC) - 1646

RADIUS authentication and authorization (revised RFC) - 1812

RADIUS accounting (original draft RFC) - 1813

Service name - TCP Port

TACACS+ AAA - 49

Replication and RDBM synchronization - 2000

ACS remote logging - 2001

HTTP administrative access (at login) - 2002

ACS distributed logging (appliance only) - 2003

Administrative access (after login)

port range Configurable (default 1024-65535) ACS assigns unique port number from the range to each administration session

Hope this helps! Please rate all posts.

Regards, Martin

Customers Also Viewed These Support Documents