Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS & PIX authentication

We are running ACS 2.6 for authentication with a PIX515 ver 6.1

our customer want to authenticate users based on their Name, PassWord and IP

address or netbios name. we have configured the ACS to use the NT Database,

we belive that with this configuration the user is authenticated used just

his name and password without any restriction based on IP address or netbios

name.

please can you get us with any solution for our customer problem .

2 REPLIES
New Member

Re: ACS & PIX authentication

When Authentication is configured on the PIX, the user attempts to get past the pix and is prompted for username & password authentication credentials. Those credentials are passed on to (in your case) Cisco Secure ACS and checked against the domain database. If okay, the PIX caches this username and password (see the show uauth command) along with the IP address of the authenticated host. When that source IP address hits the PIX again, no re-authentication will be necessary as long as his credentials are in the cache (timeout uauth adjusts these timers). Now you can go a step further and configure Authorization on the PIX and Cisco Secure ACS to limit the access the user has after authentication occurs. I’m pretty sure you can restrict his/her access based on source IP address among other authorizations. Here’s some reference and sample config URL's for both products:

http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Software:Cisco_Secure_ACS_NT

http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Hardware:PIX

New Member

Re: ACS & PIX authentication

ok p.krane

but i have 600 users. therefore I must create 600 user on my ACS and 600 named acl on my pix.

104
Views
0
Helpful
2
Replies
CreatePlease login to create content