Acs server (cisco) – SonicWALL Internet Security Appliances User Manual


Page 282 SonicWALL Internet Security Appliance Administrator’s Guide

ACS Server (Cisco)

The ACS server, version 2.6, from Cisco does not support the configuration of vendor-specific
privileges. Therefore, if an ACS server is deployed, user privileges cannot be configured on the server.
The ACS server can still be used for authentication if the RADIUS users are configured globally on
the SonicWALL to have the same privileges. Also, the ACS server supports CHAP, so it can be used
if HTTPS is not available when logging into the SonicWALL management interface.

Internet Authentication Service (Windows NT/2000 Server)

The RADIUS server used on Microsoft Windows NT and Windows 2000 servers is known as the
Internet Authentication Service (IAS). RADIUS attributes are configured using policies, and IAS does
not support pre-configuration of vendor-specific attributes. The RADIUS attributes are entered
manually into the service by using the following instructions:
1. Open IAS, and select Remote Access Policies.
2. Select the policy to be configured for user privileges, and right click. Select Properties from the list.
3. Click Edit Profile, and then click Advanced. Click Add.
4. Select Vendor-Specific from the list, and click Add. The Multivalued Attribute Information box appears.
5. Click Add. The Vendor-Specific Attribute Information box appears.
6. Click Enter Vendor Code, and enter 8741 as the vendor code.
7. Click Yes, It conforms, and then click Configure Attribute. The Configure VSA (RFC compliant) window appears.
8. Enter 1 as the Vendor-assigned attribute number.
9. Select Decimal as the Attribute format.
10. Enter one of the following values as the Attribute value. Each value defines a privilege for users within the policy.
    1 - Remote Access
    2 - Bypass Filters
    3 - Access from VPN Client
    4 - Access to VPNs
11. Click OK, and then OK again to return to the Multivalued Attribute Information window.

Repeat Steps 5 through 11 for each privilege configured for a policy.
For further information, refer to “To configure vendor-specific attributes for a remote access policy”
in the IAS help file.
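
The following added example, which is not from the SonicWALL guide, parses the attribute section of a RADIUS reply and lists the privileges carried in Vendor-Specific attributes with vendor code 8741 and attribute number 1, so an administrator can check what a policy actually grants. It assumes the Decimal format is sent as a 4-byte big-endian integer (the RFC 2865 integer type); the function names and the sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26          # RADIUS attribute type for VSAs (RFC 2865)
SONICWALL_VENDOR_ID = 8741    # vendor code entered in step 6
PRIVILEGE_ATTR = 1            # vendor-assigned attribute number from step 8
PRIVILEGES = {1: "Remote Access", 2: "Bypass Filters",
              3: "Access from VPN Client", 4: "Access to VPNs"}

def encode_privilege(value):
    """Build one VSA carrying a single privilege (assumed 4-byte integer value)."""
    sub = struct.pack("!BBI", PRIVILEGE_ATTR, 6, value)   # vendor type, length, value
    body = struct.pack("!I", SONICWALL_VENDOR_ID) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body

def parse_privileges(attrs):
    """Walk a RADIUS attribute list and return the privilege names it grants."""
    found, pos = [], 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        data = attrs[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(data) < 4:
            continue                      # not a VSA: skip it
        (vendor,) = struct.unpack("!I", data[:4])
        if vendor != SONICWALL_VENDOR_ID:
            continue                      # another vendor's VSA
        sub = data[4:]
        while len(sub) >= 2:              # a VSA may hold several sub-attributes
            vtype, vlen = sub[0], sub[1]
            if vlen < 2 or vlen > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            if vtype == PRIVILEGE_ATTR and vlen == 6:
                (val,) = struct.unpack("!I", sub[2:6])
                found.append(PRIVILEGES.get(val, "unknown (%d)" % val))
            sub = sub[vlen:]
    return found

# Constructed sample: a Reply-Message attribute, then two privileges as separate VSAs
SAMPLE = b"\x12\x04ok" + encode_privilege(1) + encode_privilege(4)

if __name__ == "__main__":
    print(parse_privileges(SAMPLE))
```
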
With IAS, the user database is located on the domain controller. Therefore, IAS only supports CHAP
with RADIUS if the domain controller is configured to store passwords using reversible encryption
for all users. If the domain controller is not configured in this manner, it is necessary to use HTTPS
to log into the SonicWALL management interface.
