Chapter 7 Managing Network Resources

Working with External Proxy Servers

Step 2 Do one of the following:

Click Create.

Check the check box next to the external proxy server that you want to duplicate, then click Duplicate.

Click the external proxy server name that you want to edit, or check the check box next to the name and click Edit.

The External Proxy Servers page appears.

Step 3 Edit fields in the External Proxy Servers page as shown in Table 7-7.

Table 7-7 External Policy Servers Page

Option: Description

General

  Name: Name of the external RADIUS or TACACS+ server.

  Description: (Optional) The description of the external RADIUS or TACACS+ server.

Server Connection

  Server IP Address: IP address of the external RADIUS or TACACS+ server.

  Shared Secret: Shared secret between ACS and the external RADIUS or TACACS+ server that is used for authenticating the external RADIUS or TACACS+ server. A shared secret is an expected string of text that a user must provide to enable the network device to authenticate a username and password. The connection is rejected until the user supplies the shared secret. A Show/Hide button is available to view the shared secret in plain text or hidden format.

Advanced Options

  RADIUS: Choose to create a RADIUS proxy server.

  TACACS+: Choose to create a TACACS+ proxy server.

  CiscoSecure ACS: Default choice. Supports both RADIUS and TACACS+.

  Authentication Port: RADIUS authentication port number. The default is 1812.

  Accounting Port: RADIUS accounting port number. The default is 1813.

  Server Timeout: Number of seconds ACS waits for a response from the external RADIUS server. The default is 5 seconds. Valid values are from 1 to 999.

  Connection Attempts: Number of times ACS attempts to connect to the external RADIUS server. The default is 3 attempts. Valid values are from 1 to 99.

  Connection Port: TACACS+ connection port. The default is 49.

  Network Timeout: Number of seconds ACS waits for a response from the external TACACS+ server. The default is 20 seconds.

Step 4 Click Submit to save the changes.

The external Proxy Server configuration is saved. The External Proxy Server page appears with the new configuration.

 

User Guide for Cisco Secure Access Control System 5.3

7-20

OL-24201-01
