Chapter 7 Managing Network Resources

Working with External Proxy Servers

Table 7-6 Default Network Device Page (continued)

Option / Description

Enable KeyWrap: Check to enable the shared secret keys for RADIUS Key Wrap in PEAP, EAP-FAST and EAP-TLS authentications. Each key must be unique and be distinct from the RADIUS shared key. You can configure these shared keys for each AAA Client.

Key Encryption Key (KEK): Used to encrypt the Pairwise Master Key (PMK). In ASCII mode, enter a key with 16 characters. In hexadecimal mode, enter a key with 32 characters.

Message Authentication Code Key (MACK): Used to calculate the keyed hashed message authentication code (HMAC) over the RADIUS message. In ASCII mode, enter a key with 20 characters. In hexadecimal mode, enter a key with 40 characters.

Key Input Format: Enter the keys as ASCII or hexadecimal strings. The default is hexadecimal.
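The key rules in the table above can be checked before the values are typed into the device page. The following Python sketch is an added example, not part of the Cisco guide or of ACS; the function names are hypothetical, and reading "unique" as "not reused across AAA clients" is an assumption.

```python
import secrets
import string

# Key sizes from the table: ASCII-mode character counts; hexadecimal mode is twice that.
KEY_BYTES = {"KEK": 16, "MACK": 20}

def decode_key(name, value, fmt="hex"):
    """Return the raw key bytes, or raise ValueError on a wrong length or character."""
    want = KEY_BYTES[name]
    if fmt == "hex":
        if len(value) != 2 * want or any(c not in string.hexdigits for c in value):
            raise ValueError(f"{name}: expected {2 * want} hexadecimal characters")
        return bytes.fromhex(value)
    if fmt == "ascii":
        if len(value) != want or not value.isascii():
            raise ValueError(f"{name}: expected {want} ASCII characters")
        return value.encode("ascii")
    raise ValueError(f"unknown key input format: {fmt!r}")

def check_keywrap(kek, mack, shared_secret, fmt="hex"):
    """Return a list of problems for one AAA client's keys (empty list means OK)."""
    problems = []
    for name, value in (("KEK", kek), ("MACK", mack)):
        try:
            raw = decode_key(name, value, fmt)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        # Compare the typed string and the decoded bytes against the shared secret.
        if value == shared_secret or raw == shared_secret.encode():
            problems.append(f"{name} must be distinct from the RADIUS shared key")
    return problems

def find_reuse(clients, fmt="hex"):
    """Report KEK/MACK values that appear on more than one client.
    Assumption: "unique" in the table is read here as "not reused across AAA clients"."""
    seen, reused = {}, []
    for client, keys in clients.items():
        for name in ("KEK", "MACK"):
            raw = decode_key(name, keys[name], fmt)
            if raw in seen:
                reused.append((name, seen[raw], client))
            seen.setdefault(raw, client)
    return reused

def generate_keys():
    """Generate a fresh hexadecimal KEK and MACK from the OS CSPRNG."""
    return {name: secrets.token_hex(size) for name, size in KEY_BYTES.items()}
```

Keys from `generate_keys()` are already in the default hexadecimal input format; the same key pair must also be configured on the AAA client.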

 

 

 

Related Topics

Network Device Groups, page 7-2

Network Devices and AAA Clients, page 7-5

Creating, Duplicating, and Editing Network Device Groups, page 7-2

Working with External Proxy Servers

ACS 5.3 can function both as a RADIUS and TACACS+ server and as a RADIUS and TACACS+ proxy server. When it acts as a proxy server, ACS receives authentication and accounting requests from the NAS and forwards them to the external RADIUS or TACACS+ server.

ACS accepts the results of the requests and returns them to the NAS. You must configure the external RADIUS or TACACS+ servers in ACS to enable ACS to forward requests to them. You can define the timeout period and the number of connection attempts.

ACS can simultaneously act as a proxy server to multiple external RADIUS or TACACS+ servers.

The RADIUS proxy server can handle the looping scenario, whereas the TACACS+ proxy server cannot.

Note: You can use the external RADIUS or TACACS+ servers that you configure here in access services of the RADIUS or TACACS+ proxy service type.

This section contains the following topics:

Creating, Duplicating, and Editing External Proxy Servers, page 7-19

Deleting External Proxy Servers, page 7-21

Creating, Duplicating, and Editing External Proxy Servers

To create, duplicate, or edit an external proxy server:

Step 1 Choose Network Resources > External Proxy Servers.

The External Proxy Servers page appears with a list of configured servers.

 

 

User Guide for Cisco Secure Access Control System 5.3

OL-24201-01

7-19