Cisco Support Community

IronPort and Cisco ACS4.2 AAA integration

Hello,

Could someone point me to some docs explaining how to integrate an IronPort appliance with Cisco ACS server 4.2 for admin access and authentication logs (if possible)?

Appreciated.

Thanks

1 ACCEPTED SOLUTION


So, first off, any currently shipping version of the WSA only allows Admins to be authenticated via RADIUS.

Role-based access (aka authorization) is coming soon.

Also, I'm not an ACS user, so I'm guessing what needs to be done there based on using SteelBelted...

Go to ACS, create an entry for the WSA, set a shared secret. Then go to the WSA, System/Users, click on External Authentication and set the RADIUS server, port and shared secret.

Now in my testing with SteelBelted Radius, only users set up in the RADIUS server were authenticated; it wasn't passing the auth request on to my Active Directory, so it wasn't a big deal...

In the next version you'll set a class attribute for each user in RADIUS and assign that class attribute to a role in the WSA so that you can set some users to Admins, some to Operators, some to Read Only, etc...
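
Added example, not part of the original reply and not Cisco's code: a sketch of how the shared secret entered on both ACS and the WSA is used on the wire under RFC 2865, and why a mismatch makes the client reject every reply. It assumes PAP for the password; the function names, secret, user name and the Class value "Administrators" are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2          # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, CLASS = 1, 2, 25    # RFC 2865 attribute types

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2 (PAP is assumed here)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def access_request(ident, user, password, secret, request_auth):
    """What the RADIUS client (the WSA's role) sends to the server."""
    attrs = attr(USER_NAME, user) + attr(
        USER_PASSWORD, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs

def reply(code, ident, attrs, request_auth, secret):
    """What the server (the ACS's role) returns, bound to its copy of the secret."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def reply_is_authentic(packet, request_auth, secret) -> bool:
    """Client-side check of the Response Authenticator (RFC 2865 section 3)."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

if __name__ == "__main__":
    secret, req_auth = b"constructed-shared-secret", os.urandom(16)  # constructed values
    access_request(7, b"admin1", b"constructed-password", secret, req_auth)
    accept = reply(ACCESS_ACCEPT, 7, attr(CLASS, b"Administrators"), req_auth, secret)
    print("matching secret:  ", reply_is_authentic(accept, req_auth, secret))
    print("mismatched secret:", reply_is_authentic(accept, req_auth, b"typo-in-secret"))
```

Because the Class attribute is covered by the same MD5 check, any role mapping built on it is only as trustworthy as the shared secret, so use a long random value and keep the RADIUS traffic on a management network.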

2 REPLIES

Community Member

IronPort and Cisco ACS4.2 AAA integration

Thanks, Ken, for the quick reply.

Appreciated.
