ACS & PIX authentication

ytalibi
Level 1

We are running ACS 2.6 for authentication with a PIX515 ver 6.1. Our customer wants to authenticate users based on their name, password and IP address or NetBIOS name. We have configured the ACS to use the NT database; we believe that with this configuration the user is authenticated using just his name and password, without any restriction based on IP address or NetBIOS name.

Please can you provide us with any solution for our customer's problem?

2 Replies

p.krane
Level 3

When Authentication is configured on the PIX, the user attempts to get past the PIX and is prompted for username & password authentication credentials. Those credentials are passed on to (in your case) Cisco Secure ACS and checked against the domain database. If okay, the PIX caches this username and password (see the show uauth command) along with the IP address of the authenticated host. When that source IP address hits the PIX again, no re-authentication will be necessary as long as his credentials are in the cache (timeout uauth adjusts these timers). Now you can go a step further and configure Authorization on the PIX and Cisco Secure ACS to limit the access the user has after authentication occurs. I'm pretty sure you can restrict his/her access based on source IP address among other authorizations. Here are some reference and sample config URLs for both products:

http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Software:Cisco_Secure_ACS_NT

http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Hardware:PIX
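
The caching behaviour described in the reply above, as an added example that is not part of the original thread and is not PIX or ACS code: a simplified Python model of an authentication cache keyed by source IP with absolute and inactivity timers. The class, function names, addresses and the in-memory user table are assumptions made for illustration; it shows that once an address is cached, later connections from that address pass without credentials until a timer expires.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    user: str
    authenticated_at: float   # when the credentials were last verified
    last_seen: float          # when this source IP last opened a connection

class UauthCache:
    """Simplified model of a per-source-IP auth cache (assumption, not PIX code)."""
    def __init__(self, absolute=300.0, inactivity=0.0):
        self.absolute = absolute      # seconds since login; 0 disables the timer
        self.inactivity = inactivity  # seconds since last connection; 0 disables
        self.entries = {}             # source IP -> Entry

    def _expired(self, e, now):
        if self.absolute and now - e.authenticated_at >= self.absolute:
            return True
        return bool(self.inactivity) and now - e.last_seen >= self.inactivity

    def connect(self, src_ip, now, credentials=None, verify=None):
        """Return 'cached', 'authenticated' or 'prompt' for a new connection."""
        e = self.entries.get(src_ip)
        if e and not self._expired(e, now):
            e.last_seen = now         # the lookup key is the address, not the user
            return "cached"
        self.entries.pop(src_ip, None)
        if credentials and verify and verify(*credentials):
            self.entries[src_ip] = Entry(credentials[0], now, now)
            return "authenticated"
        return "prompt"

def demo():
    users = {"alice": "s3cret"}       # constructed stand-in for the user database
    verify = lambda u, p: users.get(u) == p
    cache = UauthCache(absolute=300, inactivity=120)
    return [
        cache.connect("10.1.1.5", 0),                               # no entry yet
        cache.connect("10.1.1.5", 1, ("alice", "s3cret"), verify),  # verified, cached
        cache.connect("10.1.1.5", 60),    # same IP: passes with no credentials
        cache.connect("10.1.1.9", 61),    # different IP: must authenticate
        cache.connect("10.1.1.5", 170),   # 110 s idle, still inside both timers
        cache.connect("10.1.1.5", 295),   # 125 s idle: inactivity timer expired
    ]

if __name__ == "__main__":
    print(demo())
```
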

OK p.krane, but I have 600 users. Therefore I must create 600 users on my ACS and 600 named ACLs on my PIX.
