We are trying to migrate from ACS 4.2 to 5.1. We abandoned trying to use the migrate utility when we ran into errors trying to use it and TAC said it was an unsupported utility. Amazing that nowhere in the manual did I see "Unsupported" mentioned.
One of the main things we are trying to do is to use a subnet or wildcard mask like we did in 4.2. For example, I have a network group rule in 4.2 that would allow 10.*.255.* to be authenticated by TACACS using a particular given secret. I don't see a way that I can do this in ACS 5.1. I have to go from one rule for all of my edge routers to almost 100 rules since there doesn't appear to be a way to do this. I understand that the * is no longer supported, but there doesn't seem to be a way to use a wildcard mask to minimize the number of rules it looks like I will have. This is just for the routers. I also have a host of switches, APs and specialized network devices that I need to use a different shared secret for each type of device. In some cases I may have more than one type of network device in the same subnet range and need a different shared secret.