Proxy in distributed systems, Proxy in – Cisco 3.3 User Manual


Chapter 4 Network Configuration

Proxy in Distributed Systems

4-4

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

with one another. Each table contains a Cisco Secure ACS entry for itself. In the
AAA Servers table, the only AAA server initially listed is itself; the Proxy
Distribution Table lists an initial entry of (Default), which displays how the local
Cisco Secure ACS is configured to handle each authentication request locally.

You can configure additional AAA servers in the AAA Servers table. This enables
these devices to become available in the HTML interface so that they can be
configured for other distributed features such as proxy, CiscoSecure user database
replication, remote logging, and RDBMS synchronization. For information about
configuring additional AAA servers, see Adding a AAA Server, page 4-24.

Proxy in Distributed Systems

Proxy is a powerful feature that enables you to use Cisco Secure ACS for
authentication in a network that uses more than one AAA server. Using proxy,
Cisco Secure ACS automatically forwards an authentication request from a AAA
client to another AAA server. After the request has been successfully
authenticated, the authorization privileges that have been configured for the user
on the remote AAA server are passed back to the original Cisco Secure ACS,
where the AAA client applies the user profile information for that session.

Proxy provides a useful service to users, such as business travelers, who dial in to
a network device other than the one they normally use and would otherwise be
authenticated by a “foreign” AAA server. To use proxy, you must first click
Interface Configuration, click Advanced Options, and then select the
Distributed System Settings check box.

Whether, and where, an authentication request is to be forwarded is defined in the
Proxy Distribution Table on the Network Configuration page. You can use
multiple Cisco Secure ACSes throughout your network. For information about
configuring the Proxy Distribution Table, see Proxy Distribution Table
Configuration, page 4-34.

Cisco Secure ACS employs character strings defined by the administrator to
determine whether an authentication request should be processed locally or
forwarded, and to where. When an end user dials in to the network device and
Cisco Secure ACS finds a match for the character string defined in the Proxy
Distribution Table, Cisco Secure ACS forwards the authentication request to the
associated remote AAA server.
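
The forwarding decision described above can be modeled offline to audit a table for entries that send requests to an unintended server. This Python sketch is an added example, not Cisco code; the prefix/suffix match positions, case-sensitive comparison, first-match ordering, and all server names are assumptions not stated on this page.

```python
from dataclasses import dataclass
from typing import List, Tuple

LOCAL = "(Default) local"  # the initial entry: handle the request on this ACS

@dataclass(frozen=True)
class ProxyEntry:
    pattern: str      # administrator-defined character string
    position: str     # "prefix" or "suffix" (assumed match semantics)
    forward_to: str   # AAA server that receives matching requests

    def matches(self, username: str) -> bool:
        if self.position == "prefix":
            return username.startswith(self.pattern)
        return username.endswith(self.pattern)

def route(table: List[ProxyEntry], username: str) -> str:
    """First matching entry wins (assumed); no match falls through to (Default)."""
    for entry in table:
        if entry.matches(username):
            return entry.forward_to
    return LOCAL

def shadowed(table: List[ProxyEntry]) -> List[Tuple[ProxyEntry, ProxyEntry]]:
    """Return (entry, earlier_entry) pairs where entry can never be reached."""
    found = []
    for i, later in enumerate(table):
        for earlier in table[:i]:
            # Same position and the earlier string is the more general one:
            # every username the later entry matches is matched by the earlier.
            if earlier.position == later.position and earlier.matches(later.pattern):
                found.append((later, earlier))
                break
    return found

# Constructed sample table and usernames; server names are hypothetical.
SAMPLE_TABLE = [
    ProxyEntry(".example.test", "suffix", "acs-hq"),
    ProxyEntry("@branch.example.test", "suffix", "acs-branch"),
    ProxyEntry("lab/", "prefix", "acs-lab"),
]

if __name__ == "__main__":
    for user in ("alice@branch.example.test", "lab/bob", "carol"):
        print(user, "->", route(SAMPLE_TABLE, user))
    print("shadowed:", shadowed(SAMPLE_TABLE))
```

In the sample table the branch entry is never reached, so branch users' authentication requests go to the headquarters server; listing the more specific string first removes the shadowing.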
