A-13
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Appendix A Troubleshooting Information for Cisco Secure ACS
Third-Party Server Issues

Condition: You cannot successfully implement the RSA token server.

Recovery Action:
1. Log in to the Windows 2000 server on which Cisco Secure ACS is installed. (Make sure your login account has administrative privileges.)
2. Make sure the RSA Client software is installed on the same Windows 2000 server as the Cisco Secure ACS.
3. Follow the setup instructions. Do not restart at the end of the installation.
4. Get the file named sdconf.rec located in the /data directory of the RSA ACE server.
5. Place sdconf.rec on the Windows 2000 server in the %SystemRoot%\system32 directory.
6. Make sure you can ping the machine that is running the ACE server by hostname. (You might need to add the machine in the lmhosts file.)
7. Verify that support for RSA is enabled in External User Database: Database Configuration in the Cisco Secure ACS.
8. Run Test Authentication from the Windows 2000 server control panel for the ACE/Client application.
9. From Cisco Secure ACS, install the token server.

PIX Firewall Issues

Condition: Remote administrator cannot bring up Cisco Secure ACS from his or her browser or receives a warning that access is not permitted.

Recovery Action:
If Network Address Translation is enabled on the PIX Firewall,
administration through the firewall cannot work.
To administer Cisco Secure ACS through a firewall, you must
configure an HTTP port range in System Configuration: Access
Policy. The PIX Firewall must be configured to permit HTTP traffic
over all ports included in the range specified in Cisco Secure ACS.
For more information, see Access Policy, page 10-11.
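
A pre-flight check for steps 5 and 6 of the RSA token server procedure above, written as a Windows batch script. This is an added example, not part of the Cisco guide; the ACE_HOSTNAME argument and the lmhosts location under %SystemRoot%\system32\drivers\etc are assumptions.

```batch
@echo off
rem Added example: pre-flight check for steps 5 and 6 of the RSA procedure.
rem Pass the ACE server hostname as the first argument (hypothetical parameter).
setlocal
set "ACE_HOST=%~1"
if "%ACE_HOST%"=="" (
    echo Usage: %~nx0 ACE_HOSTNAME
    exit /b 2
)
set "SDCONF=%SystemRoot%\system32\sdconf.rec"
rem Assumed lmhosts location; adjust if your system keeps it elsewhere.
set "LMHOSTS=%SystemRoot%\system32\drivers\etc\lmhosts"
set FAIL=0

rem Step 5: sdconf.rec must be present in %SystemRoot%\system32 and not empty.
if not exist "%SDCONF%" (
    echo [FAIL] %SDCONF% not found. Copy it from the ACE server.
    set FAIL=1
    goto check_ping
)
for %%F in ("%SDCONF%") do if %%~zF EQU 0 (
    echo [FAIL] %SDCONF% is empty. Copy it again from the ACE server.
    set FAIL=1
)
if %FAIL%==0 echo [ OK ] Found %SDCONF%

:check_ping
rem Step 6: the ACE server must answer ping by hostname. Matching "TTL="
rem avoids counting "Destination host unreachable" replies as success.
ping -n 2 "%ACE_HOST%" | find "TTL=" >nul
if not errorlevel 1 (
    echo [ OK ] %ACE_HOST% answers ping by hostname.
    goto done
)
echo [FAIL] %ACE_HOST% does not answer ping by hostname.
set FAIL=1

rem Step 6 hint: look for an lmhosts entry. Commented-out lines also match.
if not exist "%LMHOSTS%" goto done
findstr /i /c:"%ACE_HOST%" "%LMHOSTS%" >nul
if errorlevel 1 (
    echo [INFO] No lmhosts entry for %ACE_HOST%. You might need to add one.
) else (
    echo [INFO] lmhosts mentions %ACE_HOST%. Check the IP address in that entry.
)

:done
if %FAIL%==0 echo Pre-checks passed. Continue with steps 7 to 9.
exit /b %FAIL%
```

The script exits with 0 when both checks pass, 1 when either fails, and 2 when no hostname is given.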