Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

user Authentication using radius

Dear All,

Need suggestion on below requirment:

requirment:

User who will access network devices for managment purpose should be authenticated through tacacs(ACS server 1113)  and user who will access lan resources/application should be authenticated through Radius server.

I have a ACS 1113 appliance.

1. I have a firewall do i need to point it to radius server(windows server) directly for user authentication or to acs server for radius authentication?

2. If i need to point acs server how acs server will redirect the request to actual RADIUS server.

Regards

Amar

1 REPLY
Cisco Employee

Re: user Authentication using radius

You can configure 2 aaa-server, one radius server and the other tacacs server.

For management, you can configure the following to refer to the tacacs server:

aaa authentication http console

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/a1.html#wp1535834

I assume when you mention for user who wants to access internal LAN, it will be authentication for the vpn client connection? If that is correct, then you can assign the aaa-server under tunnel-group:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/a2.html#wp1629625

Hope that helps.

280
Views
0
Helpful
1
Replies
CreatePlease to create content