Cisco Secure ACS 2.6 Returns too many RADIUS attributes
I'm trying to authenticate my Firewall-1 VPN users to Cisco Secure ACS 2.6. FW-1 ignores packets that have unnecessary attributes returned. I've turned off all attributes in the Interface Configuration screen but a snoop shows that the ACS box is still sending several attributes.
Re: Cisco Secure ACS 2.6 Returns too many RADIUS attributes
It is hard to say what CSNT is sending back in the way of attributes without debug (http://www.cisco.com/warp/public/480/9.html) or a sniffer trace. I think RFC 2138 addresses what is sent. If the FW1 ignores packets that have unnecessary attributes, I don't know why there is a need to turn off attributes.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...