Basic Configuration

Authenticate users using

- RADIUS (Cisco) Access server name

- Enter PIX Firewall name. Access server IP address

- Enter PIX Firewall IP address

Windows NT server IP address

- Enter AAA server IP address


- Enter a Secret Key

- Must be the same in the PIX Firewall

©2000, Cisco Systems,

Step 14 Complete the following information:

■ Authenticate Users Using—Type of security protocol to be used. TACACS+ (Cisco) is the default.

■ Access Server Name—Name of the network access server (NAS) that will be using the Cisco Secure ACS services.

■ Access Server IP Address—IP address of the NAS that will be using the Cisco Secure ACS services.

■ Windows NT Server IP Address—IP address of this Windows NT server.

■ TACACS+ or RADIUS Key—Shared secret of the NAS and Cisco Secure ACS. These passwords must be identical to ensure proper function and communication between the NAS and Cisco Secure ACS. Shared secrets are case sensitive. Setup installs the Cisco Secure ACS files and updates the Registry. Click Next

Step 15 The Interface Configuration window opens. The Interface Configuration options are disabled by default. Click the checkbox to enable any or all of the options listed. Click Next.

Note Configuration options for these items are displayed in the Cisco Secure ACS

interface only if they are enabled. You can disable or enable any or all of these and additional options after installation in the Interface Configuration: Advanced Options window.

Step 16 The Active Service Monitoring window opens. To enable the Cisco Secure ACS monitoring service, CSMon, check the Enable Log-in Monitoring checkbox, then select a script to execute when the login process fails the test:

■ No Remedial Action—Leave Cisco Secure ACS operating as is.

■ Reboot—Reboot the system on which Cisco Secure ACS is running.

■ Restart All—(Default.) Restart all Cisco Secure ACS services.

■ Restart RADIUS/TACACS+—Restart only RADIUS, TACACS+, or both protocols.

You can also develop your own scripts to be executed if there is a system failure. See the online documentation for more information.

Step 17 To have Cisco Secure ACS generate an e-mail message when administrator events occur, check the Enable Mail Notifications checkbox, then enter the following information:

■ SMTP Mail Server—The name and domain of the sending mail server; for example,

■ Mail account to notify—The complete e-mail address of the intended recipient; for example, [email protected].

Step 18 Click Next The Cisco Sec ure ACS Service Initiation window opens. If you do not want to configure a NAS from Setup, click Next To configure a single NAS now, click Yes, I want to configure Cisco IOS now. Click Next

0 0

Post a comment