AAA/802.1x

Integrate SSG 140 with Cisco ACS

‎10-27-2008 05:59 AM

Hi, my name is Esteban from Argentina.

We have a customer that wants to replace a Cisco PIX 520 with a Juniper SSG 140. The problem is that at the moment the PIX 520 is downloading dynamic policies from a Cisco ACS.

 

Can the SSG 140 download policies from a Cisco ACS?

 

I suppose the answer is NO, but I need to be sure about that.

 

Thank you in advance! 

 

Esteban.


Re: Integrate SSG 140 with Cisco ACS

‎10-27-2008 11:20 PM

What exactly are the policies here? I am confused.

 

SSG 140 works with Cisco ACS for authentication/authorization purposes.

 

Thanks

Raheel Anwar

 


Re: Integrate SSG 140 with Cisco ACS

‎10-28-2008 04:24 AM

Thanks for your response, Raheel!

 

The ACS has authentication/authorization policies.


For example, the PIX 520 downloads dynamic VPN policies from the ACS to evaluate what kind of enterprise resources the user can reach.

 

The question is, can the Cisco ACS work like a Juniper UAC with an SSG 140?

 

Thank you in advance!

 

Esteban.


Re: Integrate SSG 140 with Cisco ACS

‎10-28-2008 06:14 AM

Hi Teby,

 

I'm not particularly familiar with the way in which the PIX obtains VPN policies but I suspect that they are delivered as part of the authorization process (i.e. in the Access-Accept packet) in Cisco Vendor Specific Attributes (VSAs).

 

There are no such VSAs in the Netscreen dictionaries I've been able to find for downloading VPN policies and I'm not aware of any standard RADIUS attributes that can be used for that purpose.

 

As I understand it, UAC uses 802.1x based processes to authenticate the user to the IC and then communicate policy changes to the authenticator/policy enforcement point.  The authenticator can be a switch or AP for L2 access control and/or the IC itself for L3 access control.

 

Rgds,

 

Guy 
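
The mechanism described in the reply above (policy carried as Cisco VSAs in the Access-Accept) can be checked on a captured reply. The sketch below is an added example, not part of the original thread: it lists the Vendor-Specific attributes in a RADIUS packet and flags those outside the enforcement point's own vendor dictionary. The sample packet, the av-pair string and the function names are constructed for illustration; 9 and 3224 are the IANA enterprise numbers for Cisco and NetScreen.

```python
import struct

VENDOR_SPECIFIC = 26  # RADIUS attribute type that carries VSAs (RFC 2865)
VENDORS = {9: "Cisco", 3224: "NetScreen"}  # IANA enterprise numbers

def build_vsa(vendor_id, vendor_type, value):
    """Encode one Vendor-Specific attribute holding a single sub-attribute."""
    sub = bytes([vendor_type, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub

def build_packet(code, ident, attrs):
    """Assemble a RADIUS packet; the authenticator is zeroed (constructed sample)."""
    body = b"".join(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

def parse_vsas(packet):
    """Return [(vendor_id, vendor_type, value)] for every VSA in a RADIUS packet."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("truncated packet or bad length field")
    out, pos = [], 20  # attributes start after the 20-byte header
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        a_type, a_len = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + a_len]
        if a_type == VENDOR_SPECIFIC and len(value) >= 4:
            vendor_id = struct.unpack("!I", value[:4])[0]
            sub = value[4:]
            # A VSA may pack several vendor sub-attributes back to back.
            while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
                out.append((vendor_id, sub[0], sub[2:sub[1]]))
                sub = sub[sub[1]:]
        pos += a_len
    return out

def unsupported_vsas(packet, enforcer_vendor_id):
    """VSAs from vendors other than the enforcement point's own dictionary."""
    return [v for v in parse_vsas(packet) if v[0] != enforcer_vendor_id]

# Constructed sample: Access-Accept (code 2) with a Class attribute and one Cisco av-pair.
SAMPLE = build_packet(2, 1, [
    bytes([25, 6]) + b"vpn1",
    build_vsa(9, 1, b"ip:inacl#1=permit ip any host 10.0.0.5"),
])

if __name__ == "__main__":
    for vid, vtype, val in unsupported_vsas(SAMPLE, 3224):
        print(VENDORS.get(vid, vid), vtype, val.decode(errors="replace"))
```

Run against the sample with the NetScreen vendor ID as the enforcer, it reports the Cisco av-pair as an attribute the enforcement point has no dictionary entry for.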

AAA/802.1X

IC Series Unified Access Control Appliances are hardened, centralized policy servers, combining the user identity, device security state and network location gathered by the UAC Agent to create unique network access control policy per user, per session.
