Cisco ACS 1113 appliance v4.1 - integration of RSA Securid v6.1
The Windows of Cisco ACS version seems to have the ability of integration with RSA Securid its listed in external databases. It can also support the SDI Protocol if you install the agent on the Windows ACS platform. I need to use a Cisco ACS 1113 but RSA Securid does not appear in the section external databases. This mean that I won't be able to use the SDI Protocol only available RADIUS.
And Yes you are right,
With ACS, we need to configure using RADIUS, on ACS SE it won't work with SDI.
Kind regards
Prem
Tags: Cisco Security
Similar Questions
-
Does Cisco ACS 1113 v4.2 device work with Windows 2008
Hello
I have a wireless currently in production infrastructure. All my Cisco LWAP is managed by Cisco WLC. Authentication is done via RADIUS through my device Cisco ACS 1113 running on version 4.2. The Cisco ACS 1113 device communicates with my Windows 2003 Active Directory. Everything is good now.
Next month, we plan to update Active Directory from Windows 2003 to Windows 2008? Will be all fine and good, or will it be questions? Please advice kindly.
I saw another post in this community that the States https://supportforums.cisco.com/thread/1003597?tstart=0. I am now confused. Help, please.
Kind regards
RAM
+ 60122918870
ACS 4.2 does not work with Windows 2008R2. I had a case of TAC open about this, and basically, they told me that I had to switch to 5.2 ACS. I've been doing demonstrations there and it authenticates with Windows2008R2 very well.
-
Cisco ACS 1113 v4.0.1.44 possibilities of reproduction have 1120 and 2nd 1113
Hello
We currently have 1 ACS SE 1113 running the 4.0.1.44 version that we are unable to take the Live service and we want to install a 2nd one for replication and resilience (and have the resilient pair running the 4.2.0.124 version).
We had the following put at our disposal for this purpose an ACS SE 1113 and a CSACS 1120 times 4.2.0.124 the version currently running.
Could you please tell if the following downgrade/upgrade process is valid (I see that the CSACS1120 does not suppot version 4.0 or 4.1).
1. the downgrade 2nd ACS SE 1113 to version 4.0.1.44
2. the replication between the 1113 establishment is so we now have our on-line data on both boxes.
3. take the primary ACS out of service and confirm secondary now handles all requests.
3. switch to level our primary ACS to version 4.1, then to the 4.2.0.124 version
4. bring the ACS primary in-service and see works then take secondary ACS decommissioned for upgrade to version 4.1 and 4.2.0.124
5 confirm replication now working at the 4.2.0124 version.
Are there other methods possible to migrate our existing data directly from our existing of 1113 to one of the other devices (1113 and 1120) 4.2.0.124 running without going through the process of decommissioning/updated above.
Thanks in advance for your help.
Jim.
Hi Jim,.
I understand that you have 3 devices - 2 ACS ACS 1113 and 1120 1.
ACS1 - 1113 4.0.1.44 - running in production.
ACS2 - 1113 4.2.0.124 - lab running.
ACS3 - 1120 4.2.0.124 - running in the laboratory.
You want to configure the replication in the production environment and the transfer of the backup of the ACS1 to 4.2.0.124.
The path mentioned in the post is correct.
You can try to do the following:
take backup of the ACS1. Install ACS for windows 4.0.1.44 in the laboratory. Restore the backup of the ACS1. Upgrade the windows of the ACS to 4.1.1.24 and then to 4.2.0.124 in maintaining the database.
Restore the database on ACS2 and ACS3. Configure replication for ACS2 and ACS3.
Take a time out and replace ACS1 with the pair of replication of ACS2 and ACS3.
I hope this helps.
Kind regards
Anisha
P.S.: Please mark this message as answered if you feel that your query is resolved. Note the useful messages.
-
Integration appliance ACS 1113 with RSA-Urgent
Hi Experts,
I got the following steps to install the fix on ACS 1113 V 4.0 Box.
Instructions on how to install the patch
========================================
1 extract the ACS CSAuth.exe - 4.0.1 - RSA - SW -CSCsc12614- CSCsd41866.zip
2 stop the CSAuth service
3. locate
\bin and save a copy of the current CSAuth.exe 4. copy the extracted the zip to \bin CSAuth.exe new
5 start the CSAuth service
In step 3, it was mentioned that locate
\bin and save a copy of the current CSAuth.exe (i.e. on device ACS 1113). Could someone help me with the steps to locate the ACS ACS 1113 unit dir. Thank you
Smail
Satish,
These steps are for windows-based acs. For the steps of the device are different. You need patch for the device.
Steps to download for device attached is patch
You can download the patch from the unit of
http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-Soleng-3DES
Please note if assistance
Kind regards
~ JG
-
Cisco ACS 4.2 1113 Recovery DVD
Nice day!
We have CSACSE-1113-k9 Cisco ACS 4.2 device 1113. And we need to reimage (restore the device to its original state). Can enyone help me with the correct link software.cisco.com image recovery DVDs?
I'm trying to find it, but I can't see recovery dvd:
Hello
As far as I know, you don't have the possibility to download cisco.com ACS recovery DVDs. You can contact Cisco TAC and they can publish the software for you.
Note If useful...
Kind regards
Kush
-
Integration of Cisco ACS and Cisco NAC Manager - downloadable ACLs
Hello
I have Setup Cisco NAC in my environment. These are all works well. The users themselves will get authenticated via Cisco NAC Manager. The Cisco NAC Manager meets with Cisco ACS for the part of the user database. These are all works well. I would like to activate downloadable ACLs. I tried to use the CISCO-AV-PAIR method and creating a downloadable ACL entry in the shared components, but nothing works. It's either I'm doing wrong or this configuration of the mine does not support downloadable ACLs? Please advice kindly.
Kind regards
RAM
+ 6 012-2918870
Hello
It is not possible.
You cannot push the ACL in the NAC manager.
If you make the Radius of NAC authentication manager, you can do is create roles the NAC Manager, and on the roles you define traffic strategies.
Using the Radius attributes you can then map users to roles.
Please, take a look at this:
HTH,
Tiago
--
If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.
-
Cisco ACS appliance takes long to start after initial config
Hello
I'll put up 2 ACS (1113 HW, SW 4.1) devices. After the initial configuration (IP address, admin pass etc.) and reboot, the devices do not seem to start or close the login prompt (even after a start of the night).
What could be the problem with the device or my patience?
Hello
If you get something like from console windows,
Then, make sure that you use less than 15 characters without spaces unit name.
Kind regards
Prem
-
Upgrade to Cisco acs 1120 to 4.2.1.15 help
Hi all
I downgrade of cisco device 1120 DCC acs 4.2.0.124 5.0, I need to upgrade to acs 4.2.1.15. Is device 1120 cisco acs supports 4.2.1.15, how do I upgrade 4.2.0.124 4.2.1.15.
There are any server distribution for the upgrade. Please suggest on this, thank you
Yes, you can upgrade it to 4.2.1.15 and you can download the version from the link below listed;
http://Tools.Cisco.com/Squish/d4e4A
Here are the files you need to download:
ACSse-Upgrade-Pkg-acs-v4.2.1.15-K9.zip
ACSse-Upgrade-Pkg-appl-mng-v4.2.1.15-K9.zip
: Note apply the upgrade of management first and then software update. ..
Distribution server is a machine where you can download the patch on the Cisco Secure ACS Appliance, so if you download the version on your laptop and download then only one distributor (nothing special)
Upgrade an application of 4.2.1.15
I hope this helps.
Rgds, jousset
Note the useful posts ~
-
connection via Cisco ACS 5.0 limit
Hi all
My infrastrucer wireless a few days ago I deploy Cisco ACS 5.0 with Active directory integration. My wireless users are connecting through web authentication process. The authentication process is gone through AD & his works very well. But I want to work on my 5.0 ACS that a user cannot simultaneously connect several devices at a time.
Hello Sabine,.
'max sessions' featre introduced acs 5.3.
Maximum user sessions
For optimal performance, you can limit the number of concurrent users to access the network resources. ACS 5.3 imposes limits on the number of simultaneous sessions of service by the user.
The limits are defined in several different ways. You can set limits to the user level or at the level of the group. Depending on the configurations of the user's maximum session, the session number is applied to the user.
IMPORTANT: for maximum sessions work for access of the user, the administrator must configure RADIUS account management.
You can go through the link listed for more information below:
The code that you're using now ACS 5.0 is not recommended for a production environment. You need to upgrade the ACS to achieve the functionality of session max.
Jatin kone
-Does the rate of useful messages- -
Cisco ACS 5.3 connect to multiple identity stores / external database?
Hello
I understand that Cisco Secure ACS 5.3 supports integration with the existing external identity repositories such as LDAP and Active Directory Windows servers. In fact, in my environment, my ACS 5.3 is now integrated with AD and RSA.
My question is can Cisco Secure ACS 5.3 integrate with "several" WIndows AD, LDAP, RSA server etc.? If so, is there a document from Cisco saying this? The key word here is multipple. Please help with kindness.
You can only authenticate against an Active Directory domain. If you have users from several domains, the domain that you configure in ISE must approve other areas.
On the other hand, if you use regular LDAP so it supports multiple LDAP servers.
It may be useful
-
TLS v1.2 on Cisco ACS 5.7
Hello
V1.2 TLS is supported on Cisco ACS 5.7 appliance virtual?
If this isn't the case, you know were I can check it out?
Thank you!!!
Unfortunately, 5.7 ACS don't supports TLS v1.2
We filed an enhancement request to support.
CSCuu29920 ENH: Add support for TLS 1.2 on ACS 5.X
Kind regards
~ Jousset
-
This version of Cisco Adaptive Security Appliance Software Version 9.6 (1) 5 is affected by Cisco Adaptive Security Appliance SNMP Remote Code execution vulnerability and Cisco Adaptive Security Appliance CLI Remote Code execution vulnerability of
Hi vrian_colaba,
You can take a look at cisco's Advisory here:
https://Tools.Cisco.com/Security/Center/content/CiscoSecurityAdvisory/CI...
Fixed versions
Cisco ASA Major Release First version fixed 7.2 Affected; migrate to 9.1.7(9) or later 8.0 Affected; migrate to 9.1.7(9) or later 8.1 Affected; migrate to 9.1.7(9) or later 8.2 Affected; migrate to 9.1.7(9) or later 8.3 Affected; migrate to 9.1.7(9) or later 8.4 Affected; migrate to 9.1.7(9) or later 8.5 Affected; migrate to 9.1.7(9) or later 8.6 Affected; migrate to 9.1.7(9) or later 8.7 Affected; migrate to 9.1.7(9) or later 9.0 9.0.4 (40) 9.1 9.1.7(9) 9.2 9.2.4 (14) 9.3 9.3.3 (10) 9.4 9.4.3(8) ETA 26/08/2016 9.5 9.5 (3) ETA 30/08/2016 9.6 (DFT) 9.6.1 (11) / 6.0.1(2) FTD 9.6 (ASA) 9.6.2 5 9.6 (1) is not part of the fixed versions, this means that is assigned for the SNMP Remote Code execution vulnerability.
Cisco Adaptive Security Appliance CLI Remote Code vulnerability to run you can also take a look at cisco's Advisory here:
https://Tools.Cisco.com/Security/Center/content/CiscoSecurityAdvisory/CI...
Fixed versions
The following table shows the first software versions that include fixes for this vulnerability (9.6 is not affected)
Cisco ASA Major Release First version fixed 7.2 Affected, migrate to 8.4 (3) or later 8.0 Affected, migrate to 8.4 (3) or later 8.1 Affected, migrate to 8.4 (3) or later 8.2 Affected, migrate to 8.4 (3) or later 8.3 Affected, migrate to 8.4 (3) or later 8.4 8.4 (3) 8.5 Affected, migrate to 9.0 (1) or later version 8.6 Affected, migrate to 9.0 (1) or later version 8.7 Affected, migrate to 9.0 (1) or later version 9.0 9.0 (1) 9.1 Not affected 9.2 Not affected 9.3 Not affected 9.4 Not affected 9.5 Not affected 9.6 Not affected Hope this info helps!
Note If you help!
-JP-
-
Problem with certifcate on Cisco ACS
We want to authenticate our internal wireless users using our Cisco ACS running 5.3. GBA questions our Active Directory environment for the user name and password provided. I created a CSR on GBA and it provided to Entrust. They gave me a root certificate, string and server. I've linked the server certificate to the CSR under System Administration > Local Server Certificates > local certificates. I then added the chain and the root certificates to the users of the site and identity stores > autorités. When I try to connect to a laptop client he asks a user name and password, but after entering this information, I am presented with the warning on this certificate below. This certificate is to Entrust and I see the certificate root in the root store on the laptop. Any ideas what would cause this. TAC does not seem to have all the answers. They say it's a problem of the client machine.
In case you want to check your configuration settings.
http://www.Cisco.com/en/us/products/ps10315/products_configuration_example09186a0080bd1100.shtml
~ BR
Jatin kone* Does the rate of useful messages *.
-
Hello
I currently have a Cisco ACS 3.3 Server. I want to upgrade the server to the latest version and cluster with one another so that we can have a redundant infrastructure because if one fails it also includes...
Can provide you a solution for this?
Thank you
Hello
The latest version is 4.1 ACS. You can upgrade 3.3.3 build 11 directly to 4.1.
Then, you can install an another ACS 4.1 on a different machine and replication configuration between these two. In this way, you will need to make changes to only one that ACS and the secondary will be automatically updated.
Once these two are defined, you can set both of these servers as a server Radius/Ganymede on devices and there will be a redundancy.
Kind regards
Vivek
-
How can I use Cisco ACS to save Shell commands
Hi guys, pleeeease how can I configure Cisco ACS to do command authorization on my Cisco 3660 router. I get the accounting logs and authentication but no newspaper that show orders issued by users - shell and it's the most important paper that I need. I read materails and download articles on the site of Cisco... but the thing is still does not give me the papers.
I have these lines on my router:
...
AAA authorization config-commands
AAA authorization exec default group Ganymede +.
AAA authorization commands 15 default authenticated if
AAA authorization network default group Ganymede +.
...
It's funny, when I turn on debugging of the authorization of the AAA on the router, it shows me every command being sent by the user on the debug log. But nothing shows under Administration TACAC + on the Cisco Secure ACS. What is responsible for this?
*****************************************************
I installed the trial version of the Cisco ACS 90 days and made all necessary settings and I have to say I like what I see already. I'm opening moves to recommend the product to purchase. Thank you guys, I got about the features of this ACS software through this forum, keep up the good work. I recommend the software for those who need to have adapted to the management reports Security Audit logs.
If I understand what you're asking correctly, the answer is not in the authorization, that it is in accounting. I set up on my routers and send to ACS orders that level 15 privilege users enter on the router.
orders accounting AAA 15 by default start-stop Ganymede group.
Maybe you are looking for
-
How come my Imac 27 "2010 Siri is slow to when it is activated (press)? Because of the low RAM?
-
Satellite Pro 2100 - where can I download the drivers
Hi all My friend has just been given a Toshiba Satellite Pro "sp2100" model number sp210e - 006p 9 - 4 d Although I can find plenty of mentions on Google I can't find this model on this website to download the drivers. I go as far as to select "serie
-
EliteBook 8440p: Recover my windows series
Hello I bought a 8440p with a friend here last week, I tried to restore the system from the F11 key at startup, but it seems that this key don't have any function, I googled and I found that I have to download HP protect tools and HDD decryp but with
-
EliteBook 8540w: drivers Elitebook 8540w
You guys were so helpful with other users, hoping that I can get the same level of service Long story short, hard disk, fried, replaced by an SSD installed win7pro 64 bit, try to load all the drivers have some that is persistent. UH... 1. base system
-
Attempt to analysis of Images from a memory card. My computer has a memory card slot, but I get Message no detected scan. Shortly it will scan even if I get this message but then I can't find the images. Where will the images when you scan Windows