Name: Cisco Servers
Brand: Cisco
Rating: 5 (1 reviews)

To Next Page

To Previous Page

F-5

Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide

78-13751-01, Version 3.0

Appendix F Cisco SecureACS and Virtual Private Dial-up Networks

VPDN Process

Figure F-7 NAS Authenticates Tunnel with ACS

After authenticating, the tunnel is established. Now the actual user

(mary@corporation.us) must be authenticated. See Figure F-8.

Figure F-8 VPDN Tunnel is Established

The HG now authenticates the user as if the user dialed directly in to the HG.

The HG might now challenge the user for a password. The Cisco Secure ACS

at RSP can be configured to strip off the @ and domain before it passes the

authentication to the HG. (The user is passed as mary@corporation.us.) The

HG uses its ACS to authenticate the user. See Figure F-9 on page F-6.

S6651

Username = home_gate

Password = CHAP_stuff

Corporation

VPDN user

User = mary@corporation.us

ACS

RSP

ACS

CHAP response

S6652

Corporation

VPDN user

User = mary@corporation.us

ACS

RSP

ACS

Default Chapter2
- Version2
- AAA Server Functions and Concepts40
- Cisco Secure ACS HTML Interface57
Chapter 2 Deploying Cisco Secure ACS67
- Basic Deployment Requirements for Cisco Secure ACS68
  - System Requirements68
  - Network Requirements70
- Basic Deployment Factors for Cisco Secure ACS70
- Suggested Deployment Sequence84
Chapter 3 Setting up the Cisco Secure ACS HTML Interface89
- Interface Design Concepts90
  - User-To-Group Relationship90
  - Per-User or Per-Group Features90
- User Data Configuration Options91
  - Defining New User Data Fields91
- Advanced Options92
  - Setting Advanced Options for the Cisco Secure ACS User Interface94
- Protocol Configuration Options for TACACS95
  - Setting Options for TACACS97
- Protocol Configuration Options for RADIUS98
CHAPTER 4 Setting up and Managing Network Configuration109
- C H a P T E R 4 Setting up and Managing Network Configuration110
- About Distributed Systems110
  - AAA Servers in Distributed Systems111
  - Default Distributed System Settings111
- Proxy in Distributed Systems112
- Other Features Enabled by System Distribution116
- AAA Client Configuration116
- AAA Server Configuration123
- Network Device Group Configuration128
- Proxy Distribution Table Configuration133
  - About the Proxy Distribution Table133
Chapter 5 Setting up and Managing Shared Profile Components139
- Downloadable PIX Acls140
  - About Downloadable PIX Acls140
  - Downloadable PIX ACL Configuration141
- Network Access Restrictions144
  - About Network Access Restrictions144
  - Shared Network Access Restrictions Configuration145
- Command Authorization Sets150
Chapter 6 Setting up and Managing User Groups157
- User Group Setup Features and Functions158
  - Default Group158
  - Group TACACS+ Settings158
- Common User Group Settings159
- Configuration-Specific User Group Settings171
- Group Setting Management204
Chapter 7 Setting up and Managing User Accounts207
- User Setup Features and Functions208
- About User Databases209
- Basic User Setup Options210
- Advanced User Authentication Settings229
- User Management257
CHAPTER 8 Establishing Cisco Secure ACS System Configuration264
- Service Control264
  - Determining the Status of Cisco Secure ACS Services264
  - Stopping, Starting, or Restarting Services264
- Logging265
- Date Format Control265
  - Setting the Date Format266
- Password Validation266
  - Setting Password Validation Options267
- Ciscosecure Database Replication268
- RDBMS Synchronization286
- Cisco Secure ACS Backup302
- Cisco Secure ACS System Restore307
- Cisco Secure ACS Active Service Management310
  - System Monitoring311
    - System Monitoring Options311
    - Setting up System Monitoring312
  - Event Logging313
    - Setting up Event Logging313
- IP Pools Server314
- IP Pools Address Recovery321
CHAPTER 9 Working with Logging and Reports338
- Special Logging Attributes338
- Update Packets in Accounting Logs339
- About Cisco Secure ACS Logs and Reports340
  - Accounting Logs340
  - Passed Authentications Log346
- Dynamic Cisco Secure ACS Administration Reports346
  - Logged-In Users Report347
  - Disabled Accounts Report350
- Cisco Secure ACS System Logs351
- Working with CSV Logs355
- Working with ODBC Logs361
- Remote Logging365
- Service Logs370
  - Services Logged370
  - Configuring Service Logs371
CHAPTER 10 Setting up and Managing Administrators and Policy375
- Administrator Accounts375
- Access Policy384
  - Access Policy Options384
  - Setting up Access Policy386
- Session Policy387
  - Session Policy Options387
  - Setting up Session Policy388
- Audit Policy390
Chapter 11 Working with User Database392
- Ciscosecure User Database392
- About External User Databases394
  - Authenticating with External User Databases395
- Windows NT/2000 User Database396
- Generic LDAP404
- Novell NDS Database414
- ODBC Database420
- LEAP Proxy RADIUS Server Database434
  - Configuring a LEAP Proxy RADIUS Server External User Database435
- Token Server User Databases437
- Deleting an External User Database Configuration448
CHAPTER 12 Administering External User Databases451
- Unknown User Processing451
- Database Group Mappings460
  - Group Mapping by External User Database460
    - Creating a Cisco Secure ACS Group Mapping for a Token Server, ODBC Database, or LEAP Proxy RADIUS Server Database462
  - Group Mapping by Group Set Membership463
Appendix473
Troubleshooting Information for Cisco Secure ACS473
- Administration Issues474
- A P P E N D I X a Troubleshooting Information for Cisco Secure ACS475
- Browser Issues475
- Cisco IOS Issues476
- Database Issues477
- Dial-In Connection Issues478
- Debug Issues483
- Proxy Issues484
- Installation and Upgrade Issues485
- Maxsessions Issues485
- Report Issues486
- Third-Party Server Issues487
- PIX Firewall Issues488
- User Authentication Issues488
- TACACS+ and RADIUS Attribute Issues490
Appendix491
System Messages491
- Windows NT/2000 Event Log Service Startup Errors491
  - System Monitored Events492
- Replication Messages496
- Failed Attempts Messages499
Appendix501
TACACS+ Attribute-Value Pairs501
- Cisco IOS Attribute-Value Pair Dictionary501
  - TACACS+ AV Pairs502
  - TACACS+ Accounting AV Pairs504
Appendix505
- Cisco VPN 3000 Concentrator Dictionary of RADIUS Vsas512
- Cisco VPN 5000 Concentrator Dictionary of RADIUS Vsas515
- Cisco Building Broadband Service Manager Dictionary of RADIUS VSA515
- Vendor-Proprietary IETF RADIUS AV Pairs516
- IETF Dictionary of RADIUS AV Pairs518
  - RADIUS (IETF) Accounting AV Pairs522
- Microsoft MPPE Dictionary of RADIUS Vsas524
- Ascend Dictionary of RADIUS AV Pairs527
- Nortel Dictionary of RADIUS Vsas535
- Juniper Dictionary of RADIUS Vsas536
Appendix537
Cisco Secure ACS Command-Line Database Utility537
- A P P E N D I X E Cisco Secure ACS Command-Line Database Utility538
- Csutil.exe Syntax538
- Location of Csutil.exe and Related Files538
- Csutil.exe Options539
- Backing up Cisco Secure ACS with Csutil.exe541
- Restoring Cisco Secure ACS with Csutil.exe542
- Creating a Ciscosecure User Database543
- Creating a Cisco Secure ACS Database Dump File545
- Loading the Cisco Secure ACS Database from a Dump File546
- Compacting the Ciscosecure User Database547
- User and AAA Client Import Option549
  - Importing User and AAA Client Information549
  - User and AAA Client Import File Format549
- Exporting User List to a Text File559
- Exporting Group Information to a Text File560
- Decoding Error Numbers561
- Exporting Registry Information to a Text File561
- Recalculating CRC Values562
- User-Defined RADIUS Vendors and VSA Sets563
Appendix575
Cisco Secure ACS and Virtual Private Dial-Up Networks575
- VPDN Process575
- A P P E N D I X F Cisco Secure ACS and Virtual Private Dial-Up Networks576
ODBC Import Definitions582
- Accountactions Table Specification582
  - Accountactions Table Format582
- Action Codes585
- Cisco Secure ACS Attributes and Action Codes611
- An Example Accountactions Table616
Appendix G ODBC Import Definition583
- Accountactions Table Mandatory Fields583
- Accountactions Table Processing Order584
Appendix619
Cisco Secure ACS Internal Architecture619
- Windows NT/2000 Environment Overview620
  - Windows NT/2000 Services620
  - Windows NT/2000 Registry620
- Cisco Secure ACS Web Server620
- Csadmin621
- Csauth621
- Csdbsync624
- Cslog624
- Csmon625
- Cstacacs and Csradius629

Brand	Cisco
Model	Servers
Category	Software
Language	English

Cisco Servers User Manual

Table of Contents

Questions and Answers:

Cisco Servers Specifications

Related product manuals