My customer wants to implement a redundant ACS system for authentication,which uses a redundant RSA ACE server for strong authentication of remote ISDN and PSTN dial users. I do have a number of questions whit this senario.
# I have been trying to emulate the remote access scenario using a Cisco 2600 router (12.0.10)with an ISDN Basic Rate Interface and the ACE 5 server.I have attached a config and it seems to work for local access onto the Aux port or Dial in using the windows dial up client without a post dial terminal window (i.e. I enter the PIN and tokencode in the password box of the dial client. However, when I implement the post dial terminal window (so that I can use next token mode and new pin mode) the client connects to the router but I do not get any meaningful text in the post dial window (I would expect a username/ passcode prompt) I just get ascii garbage. Do you know if this works with next token code and new pin mode (ala post dial terminal window) terminating on an ISDN BRI interface and if so why is it not working? I have tried this on Win 2K and 95.
#How can I support redundant multilink ISDN in this senario? Do I need to implement Token chaching and if so is this supported in ACS 2.6 for windows?
#Can I support redundant ACE servers if I am integrating the authentication with Cisco Secure Access Control Server (i.e. The authentication goes first to ACS which passes it on to ACE server)or am I limited to a single ACE server if I use ACE. If I can use redundant ACE servers how is this handled within ACS?
My router config is given below the IOS is 12.0.10 and the platform is a 2600.
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
aaa authentication login radius-login radius local
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :