Third-Party Server Issues; Pix Firewall Issues - Cisco 2509 - Router - EN User Manual

Appendix A Troubleshooting Information for Cisco Secure ACS

Third-Party Server Issues

Condition
You cannot
successfully
implement the RSA
token server.

PIX Firewall Issues

Condition
Remote administrator cannot
bring up Cisco Secure ACS from
his or her browser or receives a
warning that access is not
permitted.
78-14696-01, Version 3.1
Recovery Action
1. Log in to the Windows 2000 server on which Cisco Secure ACS is installed.
(Make sure your login account has administrative privileges.)
2. Make sure the RSA Client software is installed on the same Windows 2000
server as the Cisco Secure ACS.
3. Follow the setup instructions. Do not restart at the end of the installation.
Get the file named
4.
ACE server.
Place
5.
sdconf.rec
%SystemRoot%\system32
6. Make sure you can ping the machine that is running the ACE server by
hostname. (You might need to add the machine in the lmhosts file.)
7. Verify that support for RSA is enabled in External User Database: Database
Configuration in the Cisco Secure ACS.
8. Run Test Authentication from the Windows 2000 server control panel for
the ACE/Client application.
9. From Cisco Secure ACS, install the token server.
Recovery Action
If Network Address Translation is enabled on the PIX Firewall,
administration through the firewall cannot work.
To administer Cisco Secure ACS through a firewall, you must
configure an HTTP port range in System Configuration: Access
Policy. The PIX Firewall must be configured to permit HTTP traffic
over all ports included in the range specified in Cisco Secure ACS.
For more information, see
located in the
sdconf.rec
on the Windows 2000 server in the
directory.
Access Policy, page
User Guide for Cisco Secure ACS for Windows Server
Third-Party Server Issues
directory of the RSA
/data
10-11.
A-13