Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

WSA Product Support | SMA Product Support

Cisco SecurityHub

Cisco: Open a Support Case | Support & Downloads | Worldwide Contacts | Bug Search

 ESA: 11.1.0-086
WSA: 10.5.2-042
SMA: 11.0.0-132
Email Plug-in (Reporting): 1.0.1-048
Email Plug-in (Encryption): 1.0.0-036

endpoint
endpoint
Community Member
‎01-17-2012 09:33 AM
‎01-17-2012 09:33 AM

IronPort and Cisco ACS4.2 AAA integration

Hello,

could someone points me to some docs explaining how to integrate IronPort appliance with Cisco ACS server 4.2 for admin access and authentication logs (if possible).

Appreciated.

Thanks

Labels:
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Ken Stieers
Ken Stieers Blue
Blue
‎01-17-2012 09:52 AM
‎01-17-2012 09:52 AM

IronPort and Cisco ACS4.2 AAA integration

So, first off, any currently shipping version of the WSA only allows Admins to be authenticated via RADIUS.

Role based access (aka authorization) is coming soon.

Also, I'm not an ACS user, so I'm guessing what needs to be done there based on using SteelBelted...

Go to ACS, create an entry for the WSA, set a shared secret.  Then go to the WSA, System/Users, click on External Authentication and set the RADIUS server, port and shared secret.

Now in my testing with SteelBelted Radius, only users set up in the RADIUS server were authenticated, it wasn't passing the auth request on to my Active Directory, so it wasn't a big deal...  

In the next version you'll set a class attribute for each user in RADIUS and assign that class attribute to a role in the WSA so that you can set some users to Admins, some to Operators, some to Read Only, etc...

0 Helpful
Reply
2 REPLIES
Ken Stieers
Ken Stieers Blue
Blue
‎01-17-2012 09:52 AM
‎01-17-2012 09:52 AM

IronPort and Cisco ACS4.2 AAA integration

So, first off, any currently shipping version of the WSA only allows Admins to be authenticated via RADIUS.

Role based access (aka authorization) is coming soon.

Also, I'm not an ACS user, so I'm guessing what needs to be done there based on using SteelBelted...

Go to ACS, create an entry for the WSA, set a shared secret.  Then go to the WSA, System/Users, click on External Authentication and set the RADIUS server, port and shared secret.

Now in my testing with SteelBelted Radius, only users set up in the RADIUS server were authenticated, it wasn't passing the auth request on to my Active Directory, so it wasn't a big deal...  

In the next version you'll set a class attribute for each user in RADIUS and assign that class attribute to a role in the WSA so that you can set some users to Admins, some to Operators, some to Read Only, etc...

0 Helpful
Reply
endpoint
endpoint
Community Member
‎01-17-2012 09:57 AM
‎01-17-2012 09:57 AM

IronPort and Cisco ACS4.2 AAA integration

Thanks Ken for quick reply.

Appreciated.

0 Helpful
Reply
Latest Documents
Upgrade Chassis Manager (FXOS)
Created by Jeet Kumar on 02-23-2018 02:51 AM
2
15
2
15
    Login to the FXOS chassis manager. Direct your browser to https://hostname/, and log-in using the user-name and password.     Go to Help > About and check the current version:    Check the current version availa... view more
ASA 5506-X with ipv6 no access to internet
Created by Klaxel on 02-08-2018 01:25 AM
3
5
3
5
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6. In Syslog I also se... view more
Firepower Threat Defense (NGFWv) on UCS E-Series blade on ISR 4K - Routed Mode in HA
Created by Kureli Sankar on 11-12-2017 09:26 PM
0
5
0
5
Documentation UCS E-Series Configuration Guide: http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/e/2-0/gs/guide/b_2_0_Getting_Started_Guide.html Cisco UCS E-Series Getting Started Guide: https://www.cisco.com/c/en/us/td/docs/unified_computing/... view more
All Documents
1287
Views
0
Helpful
2
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
AnyConnect Certificate Based Authentication.
Created by Marvin Ruiz on 08-27-2012 05:20 PM
36
70
36
70
BLOG (No Title)
Created by athukral on 06-14-2011 04:23 AM
15
35
15
35
Wireless Hacking
Created by Anim Saxena on 01-24-2013 07:56 AM
2
20
2
20
All Blogs