Secure ACS unit and Remote Agents

Similar Questions

• The upgrade to Cisco ACS SE and Remote Agent

  Hello

  Currently we are upgrading the PDC to Windows Server 2008, Standard Edition R2.

  I am little confused with information available for upgrade scenarios. Appearing on the current working versions.

  Cisco ACS SE - version 4.1 Build 23 5 Patch 1

  Cisco ACS Remote Agent version 4.2 (0.124)

  The new operating system will work on 64-bit, I think that the current ACE SE and the remote agent can / must be upgraded.

  My existing versions, give the possible scenarios of upgrade available for me. After that upgraded SE and Remote Agent should work for the 64 bit OS.

  Thanks in advance!

  Yes, it is not possible to upgrade the ACS ACS 5.2 existing to level 4.1. They are two different boxes run on a different platform.

  Unfortunately ACS 4.x does not support windows 2008 r2.

  5.2 ACS is the only option left, and you will need to buy a new box of seprate with the new licnese for this.

  Concerning

  Bellefroid

  Note the useful messages

• ACS 4.2 Remote agent compatibility issues.

  I did a little reading on the compatibility of remote ACS 4.2 with Windows 2008 R2 agent, and it seems that the only way out is to upgrade the ACS to 5.2. We have Cisco ACS 4.2 SE and I would like someone to confirm that I have installed what happens if the remote agent on a Windows 2003 server of Member rather than the 2008 R2 domain controller. Such a scenario will work?

  Comments are appreciated.

  Concerning

  Yes, here's what a bug documented with this CSCtg37183 information:

  http://Tools.Cisco.com/support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtg37183

  Excerpt from the previous link:

  ACS 4.x does not support the Server 2008 R2 to AD.

  Symptom: ACS 4.x does not support authentication to a back-end Server 2008 R2 Active Directory. Conditions: ACS 4.x Windows Server 2008 R2 installed on the domain controller ACS or remote agent installed on a member server in the environment (even if the Server 2003/2008) Workaround solution: Install the ACS or the Remote Agent on a domain controller 2003/2008

  Cisco does not support this scenario because sometimes work well other doesn't work at all, so nobody wants an unstable network right, unfortunately workaround doesn't help much. Although there is an ACS 5.2 trial version that you can test, let me know if I can get you the links.

• ACS 4.2 Remote Agent on Server 2008 R2

  Hello

  We migrate our 2003 to 2008 R2 domain controllers and would like to know if the remote agents are compatible to run on 2008 R2.  I saw the release notes that RAS have been tested on 2008 SP1 but not R2.

  Can someone advise or confirm that RAS are supported on 2008 R2?

  We are running engine Solution and the fix 4.2.1.15 4.2.1.15 - 1.  RAS are the same version.

  Thanks in advance for your help.

  Well, it is a known bug of improvement:

  CSCta35271    Support for Windows server 2008 R2

  ACS 4.2.x supports all the latest versions of Windows 2008. It only supports the registered version. You can also consult the release notes.

  Section of OS supported

  -Windows Server 2008, Standard Edition

  -Windows Server 2008, Enterprise Edition

  -Windows Server 2008, Standard Edition, Service Pack 2 Japanese

  -Windows Server 2008, Enterprise Edition, Service Pack 2 Japanese

  This bug can get fixed in upcoming Release\patches. It's in the pipeline/roadmap and the development team working on it

  Regds,

  JK

  The rate of useful messages-

• Cisco Secure ACS 5.3 SNMP agent does not

  Hello

  I have problems with the SNMP on Cisco Secure ACS 5.3 agent (patch level 5) stop, is there a quick way to restart the SNMP daemon via the command line?

  Robert,

  I understand where you come, I encountered the following bug:

  CSCte39351

  The process of the SNMP agent in demon device ACS stops.

  and reboot the box will bring him back to the top and after about 3 days, he'd stop. I just want to see if it's the same bug that could be back in patch 5. The best thing to do at this stage is to plan a quick down and restart the box to see if the snmp process starts again. If this then gives IT a week to see if the snmp Protocol falls down. If it does then make reference to this bug and open a new case of tac for repair. If not, then you should be in the clear.

  Thank you

  Tarik Admani

• Secure ACS Authentication and Authorization with SecurID

  I am able to authenticate connection attempts using an external database (RSA SecurID).  The problem is that everyone with a token is authorized to connect on any switch with priv15 or whatever I put (but no way to control who gets what access).  How can I allow users based on a certain type of belonging to a group?  The SecurID server is already integrated with LDAP, it only checks to see if the user exists in the database.

  I need to create two groups, or even only allow a single group and deny everyone, but anyone in the organization with a token is allowed to connect.  I can't find guides who do anything beyond authentication when you use a SecurID token.

  Thank you.

  Hello

  Have routers and switches, you given the command "authorization exec default group aaa GANYMEDE", it seems that you have only defined authentication on devices. When the control is in place, user access privileges may be governed by the ACS. In network administrator access by default policy (if you are using the default strategy for GANYMEDE), to set the authorization rule to verify membership in a user group and provide the appropriate profile of shell. Make the default rule to give DenyAccess shell profile to other users.

• ACS Remote Agent

  HI guys,.

  I installed the Remote Agent ACS on my AD controller. I can add the agent to ACS... but I do not see the Windows authentication avaiable in the agent...

  The Agent runs with a service account that has all rights AD.

  Anyone able to help?

  Make sure that this worm device software and remote agent are the same.

  To display the version of CSAgent.exe, type csagent.exe - v, and then press ENTER to command line

  C:\Program Files\Cisco\CiscoSecure ACS Agent\csagent

  Kind regards

  ~ JG

• A remote agent sends multiple ACS journal.

  Could you please show example of how to configure more ACS to a remote agent. I tried to add ConfigProviderHost in CSAgent.ini as follows:

  ConfigProviderHost = 192.168.1.x, 192.168.2.x

  But this isn't a job. The remote agent has not earned any newspaper.

  I need to add the remote agent in the network menu or modify CSAgent.ini or...

  Please notify.

  Thank you.

  Nash

  Hi Nash,

  I think you should level version of the ACS SE 4.2 (in your case).

  And then upgrade your software to Remote Agent 4.2 and everything will work.

  The problem is that the version a single agent (4.x) can not serve two distinct versions SE

  You can use only a single hosting provider with more customers.

  ConfigProviderHost = 192.168.1.1

  Kind regards

  -Aryan

• Active Directory + ACS Remote Agent

  I have a camera ACS (3.2). I understand that I need to use a remote ACS agent installed preferably on a domain controller, Windows authentication. My question is: if I use Active Directory, can I not use external user databases and configure generic LDAP with the appropriate settings to access Active Directory? So I wouldn't need a remote agent? Or I have to use external user databases and configure the databases Windows (which means using an external remote agent? Or I can choose two methods? His confusion as active Direcory cann support for pre-2000 windows domains and I do not know which method of mapping of external user database to use.

  My apologies, missed the word "apparatus" in your original post.

  You can probably do this use anyway, I guess, even though we suggest using a Remote Agent with the Windows DB. If you are not going in this direction, make sure your security permissions (http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/raig/rawi.htm#642394)

  I've had users use the LDAP with Windows Ad database before and it works very well, the only difference (IIRC) is you don't get all the group maps of Windows with this method, but for the authentication of the user only, it should work fine.

• Save the Remote Agent with ACS

  Recently, I installed the version 4.1 Build 23 ACS eval (1). I also downloaded the same version of the remote agent and load on a domain controller, so I can authenticate on my ad. However, if you follow the directions to configure the remote agent on ACS I encountered a problem.

  The online instructions say click on the Network Configuration and click on 'Add an entry' in the table of the Remote Agents. The problem is that I don't see a Remote Agents table in my network setup page. What I am doing wrong?

  Thanks in advance,

  Nick

  Nick,

  You have acs running on windows server, so there is no no need to have installed remote agent.

  Remote agent is required with the GBA unit and not with windows of GBA.

  Kind regards

  ~ JG

  Please note if assistance

• Upgrade ACS 4, 1 - question of Remote Agent

  I've updated Cisco ACS 3.2 to 4.1. Having satisfied certain issues, we finally got installed. Now, we are facing this problem of the remote agent. There is a lot of configuration to do for this agent? Here is the part of the instructions. I know right what they want me to. Where is this Cisco computer? Where we put the Cisco account? We certainly do not have a domain controller on our network called Cisco. Is it better to put this on a domain controller or a member server?

  Thank you

  Dwane

  Step 1 Add CISCO workstation.

  To meet the requirements of Windows for authentication requests, ACS must specify windows

  in my computer to which the user tries to open a session. Because the ACS cannot determine this information

  of authentication requests that send AAA clients, it uses a name of generic workstation for all applications.

  Use CISCO under the name of the workstation.

  In the local domain and in each trusted domain and a child domain that uses ACS to authenticate users.

  ensure that:

  ? A computer named CISCO account exist.

  ? All users that Windows will authenticate are allowed to connect to the computer named CISCO.

  For more information, see the Microsoft documentation for your operating system.

  Go down to da external user---> DB Configuration---> Windows---> Configiure--->---> RA remote agent choose in the drop-down list---> Summit.

  ACS will now use this remote agent.

  Kind regards

  ~ JG

  Please rate if this helps

• Remote agent ACS could not start

  Hello

  I installed the agent remmote ACS for windows from the ACS 4.1 Update CD (the CD migration is not found). I followed the guide of installation and configuration of the remote agent. In the services window I assigned the user of services created in ad in the log on tab and I stopped the process. When I try to start a warning message is displayed that explains the process carried out and stopped. How can I solve this problem? the software is on the CD to upgrade not the right one?

  Seems to be a permission problem. Make sure that this remote agent running Server account is part of the domain administrators group. If she is already using domain administrator account, then do use the local account. It should work.

  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.1/installation/guide/remote_agent/Rawi.html#wp300510

  Let me know how it goes

  Kind regards

  ~ JG

• THE ISSUE WITH ACS REMOTE AGENT LOG

  Hello guys,.

  I installed a Cisco ACS SE with version 3.3. I try to configure for sendo journal acs agent remotely, but it does not work. I installed acs remote agent and I activated the registration service during the installation. ACS appliance may communicate with the remote agent, but ACS cannot write logs on the Remote Agent. If I look at logg on ACS its OK, but when I look at the logs on the Remote Agent Windows there is nothing there. Could someone help me?

  Thank you

  Hello

  Please try logging configuration remotely as shown in the link:

  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/3.3/user/guide/r.html#wp952633

  Kind regards

  Anisha

  P.S.: ACS 3.3 is out of life and support. Please install the latest version.

• ACS Remote agent problem

  Hello

  I have problem with authentication remote agent acs for VPN connection, I want to remove the agent and point to another server I click on this remote agent and then remove and apply it gave me the error below:

  This Agent is used for NT authentication, this must be reconfigured until it can be removed

  What should I do to remove it?

  I also want to ssh to the machine what is the default username and password?

  THANKSSSSSSSSSSSSS

  What is the ACS version you are using?

  To watch 4.2/4.1

  Database of external-> users

  Configuration of the database->

  Windows database->

  Configuration of external user database->

  Database user configuration Windows->

  Agent selection remote Windows

  And remove agents here.

  ___

  HTH. Please rate this post if this has been helpful. If it solves your problem, please mark this message as "right answer".

• Cisco ACS & remote agent

  Hello

  Is it mandatory that remote agent for CSA will be installed on the primary domain server, would this work if it were to be installed on a virtual server that is a member of the main domainserver? This should be used for authentication using a vpn.

  What impact is remote agent has on the operation of the wrt the CPU server, disruption, etc.

  Thank you.

  ACS can be installed on a member server.