11-19-2010 01:16 AM - edited 03-10-2019 05:35 PM
Hi,
I have a FWSM blade in a 6506 chassis. I am testing the feasibility of being able to have users connect through the firewall and authenticate with an RSA ACE (Auth Manager v6.1 for WIN). I spoke to RSA and the only feedback I received was "the FWSM is not supported by the RSA ACE". It also says this in the FWSM data sheet about SDI. Before I do a lot of setting up and testing, is there any way I could get this hardware to work by having the Cisco ACS in between, as the Cisco ACS is supported by the RSA ACE? Note: these are all LAN users, no dial-in, no VPN users.
LAN User A Securid <> FWSM <Tacacs+ or Radius> Cisco ACS <SDI> RSA ACE (AM v6.1)
I found this ACS/RSA doc on the Cisco web site from 2006.
Link to FWSM AAA support:
http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/aaa_f.html
Any info would be much appreciated.
Regards
Ken
12-01-2010 08:11 PM
Ken,
Yes, integrating an ACS to do the front-end RADIUS or TACACS authentication is supported if you want authentication to be handled by an RSA or some other external RADIUS server on the backend.
Here is the latest documentation for our ACS 5.2 product, which is now supported in VMware. You can always install the software on a virtual machine and run our 90-day evaluation license if you are trying to use this as a proof of concept or want to get more familiar with the product.
This link on managing an external ID store can be found here: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/users_id_stores.html#wp1053043
You can also use AD or LDAP for attribute retrieval in order to assign different policies for different levels of admins.
Let me know if you need help with anything else.
Thanks,
Tarik Admani