12-31-2002 02:43 AM - edited 03-10-2019 07:05 AM
Hello
I have an ACS acting as a Radius Server for the remote users that want to connect to our AS5300. That ACS server is directly on the Internet and I want to move it to an internal network behind a PIX (performing NAT). I've done it but have problems with remote access. When I try to connect to it with IE (http://public_address:2002) the connection is refused as I cannot get to the internal address (192.168.x.y). In fact, the internal address is shown. How can I avoid this? Is there any way to tell the ACS server that NAT is being performed?
Thank you in advance
12-31-2002 09:13 PM
ACS will not really care about NAT. You just need to configure the PIX firewall to perform NAT from public to private IP address and also with port redirection.
The firewall must allow HTTP traffic across the range of ports that Cisco Secure ACS is configured to use. You can control the HTTP port range using the HTTP port allocation feature.
Here is the link which will help you for that.
Also for static NAT and port redirection, visit
01-05-2003 06:57 PM
The GUI in ACS versions 3.0(2) and higher will work thru a NAT device properly.
As the previous person said, make sure you set it up to only use certain ports after you login (Admin Control - Access Policy), then just allow those specific ports thru the firewall.
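The setup described in the two replies above, written out as a PIX 6.x configuration sketch. This is an added example, not part of the original posts. All addresses, the ACL name `outside_in`, the admin source network and the 2003-2010 port range are constructed placeholders; the range must match whatever is set in ACS under Admin Control - Access Policy. The lines starting with `:` are annotations.

```cisco
: Constructed values (not from the thread):
:   203.0.113.10     public address of the ACS server
:   192.168.1.10     internal address of the ACS server
:   198.51.100.0/24  network the remote administrators connect from
:   2003-2010        HTTP port range configured in the ACS Access Policy

: One-to-one static NAT from the public address to the internal ACS address
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255 0 0

: Admin login page on TCP 2002, limited to the administrators' network
access-list outside_in permit tcp 198.51.100.0 255.255.255.0 host 203.0.113.10 eq 2002

: Ports ACS hands out after login, restricted to the configured range
access-list outside_in permit tcp 198.51.100.0 255.255.255.0 host 203.0.113.10 range 2003 2010

: Apply the ACL to traffic arriving on the outside interface
access-group outside_in in interface outside
```

Restricting the source network and keeping the ACS port range narrow limits how much of the admin interface is reachable from the Internet.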
01-29-2003 12:34 PM
Ok
Thank you