Cisco Support Community
New Member

Remote Administration of ACS Server behind a PIX Firewall

Hello

I have an ACS acting as a RADIUS server for the remote users that want to connect to our AS5300. That ACS server is directly on the Internet and I want to move it to an internal network behind a PIX (performing NAT). I've done it but have problems with remote access. When I try to connect to it with IE (http://public_address:2002) the connection is refused as I cannot get to the internal address (192.168.x.y). In fact, the internal address is shown. How can I avoid this? Is there any way to tell the ACS server that NAT is being performed?

Thank you in advance

3 REPLIES
Cisco Employee

Re: Remote Administration of ACS Server behind a PIX Firewall

ACS will not really care about NAT. You just need to configure the PIX firewall to perform NAT from the public to the private IP address, along with port redirection.

The firewall must allow HTTP traffic across the range of ports that Cisco Secure ACS is configured to use. You can control the HTTP port range using the HTTP port allocation feature.

Here is the link which will help you for that.

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt30/user/o.htm#xtocid1043731

Also for static NAT and port redirection, visit

http://www.cisco.com/warp/public/707/28.html

Cisco Employee

Re: Remote Administration of ACS Server behind a PIX Firewall

The GUI in ACS versions 3.0(2) and higher will work thru a NAT device properly.

As the previous person said, make sure you set it up to only use certain ports after you log in (Admin Control - Access Policy), then just allow those specific ports thru the firewall.
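
A sketch of the PIX side of the setup the two replies describe, added here as an illustration and not taken from either reply or from Cisco's documentation. It uses PIX 6.x-style syntax; the bracketed addresses, the ACL name `acl_outside`, the port range 2003-2010 and the restriction to a single administrator source address are all assumptions to replace with your own values.

```text
: Added example. Placeholders in <> and the 2003-2010 range are assumptions.
: One-to-one static so the ACS inside address is reachable at its public address.
static (inside,outside) <acs_public_ip> <acs_inside_ip> netmask 255.255.255.255 0 0

: Permit the ACS admin login port (2002, as in the original question)
: only from the administrator's address.
access-list acl_outside permit tcp host <admin_source_ip> host <acs_public_ip> eq 2002

: Permit the HTTP port range that ACS is limited to after login. This range
: must match the one set under Admin Control - Access Policy in ACS.
access-list acl_outside permit tcp host <admin_source_ip> host <acs_public_ip> range 2003 2010

: Bind the ACL to inbound traffic on the outside interface.
access-group acl_outside in interface outside
```

Keeping the ACS port range narrow keeps the matching firewall opening narrow; anything outside ports 2002 and the configured range stays blocked by the ACL.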

New Member

Re: Remote Administration of ACS Server behind a PIX Firewall

Ok

Thank you
