Did some looking into the documentation on ACS for NT/2K and it looks like
Cisco is using a non MS web server, rather than building on IIS 4 or 5. So
you can do what you can do with it. If Cisco doesn't include HTTPS you
don't get HTTPS. I know IIS, not ACS - sorry. I hope to remedy that in the
near future.
If you are using Win2K as your ACS server it is possible to make use of
IPSec to other W2K boxes based on local IPSec policy or domain level IPSec
policy. This would give you the secure communication you are looking for,
even if the application does not support HTTPS. YMMV, VWPBL, OSTCAAT.
TTFN,
Bill Pearch, Anchorage AK
-----Original Message-----
From: Sean Young
To: [EMAIL PROTECTED]
Sent: 4/30/2001 4:41 AM
Subject: RE: Differences between TACACS+ and Cisco ACS [7:2245]
Bill,
Are you sure about this? I've contacted Cisco TAC support and have
been told it is NOT possible because Cisco ACS itself does NOT
https. Can anyone confirm this?
Thanks
Sean
>From: "Bill Pearch"
>Reply-To: "Bill Pearch"
>To: [EMAIL PROTECTED]
>Subject: RE: Differences between TACACS+ and Cisco ACS [7:2245]
>Date: Mon, 30 Apr 2001 02:16:01 -0400
>
>With NT/2000 and IIS4 or IIS5 we can make any HTTP:// site a HTTPS://
site
>with a couple of mouse clicks. If you are using Win2K there is a heck
of a
>help file that will walk you through the process, step by step.
>TTFN,
>Bill Pearch, Anchorage AK
>
>-----Original Message-----
>From: Sean Young [mailto:[EMAIL PROTECTED]]
>Sent: Sunday, April 29, 2001 7:19 PM
>To: [EMAIL PROTECTED]
>Subject: Re: Differences between TACACS+ and Cisco ACS [7:2245]
>
>
>"You can access it using a browser anywhere". This is what I am
worried
>about. When you are talking about controlling ACS via the web browser
>interface, does it use standard "http" or "https". If it uses the
>standard http, then everything can be captured by a sniffer.
>
>Can anyone confirm this? Thanks.
>
>Sean
>
>
> >From: "nana"
> >Reply-To: "nana"
> >To: [EMAIL PROTECTED]
> >Subject: Re: Differences between TACACS+ and Cisco ACS [7:2245]
> >Date: Sun, 29 Apr 2001 18:08:09 -0400
> >
> >CiscoSecure Version 2.6 was for Windows NT/2000 is actually a very
>improved
> >product compared to its preds. Easy to configure and manage. You
can
> >access it using a browser anywhere. It also allows you to control
the
> >admin access itself so that others can manage usersgroups etc but not
the
> >top admin level functions
> >"Sean Young" wrote in message
> >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > Hi Everyone,
> > >
> > > The company I am working for is considering purchasing Cisco ACS
> > > software. This piece of software will be running on Solaris
platform.
> > > Currently, I am using TACACS+ (self-supported software with source
>code)
> > > on our environment running on both Solaris and linux platforms
>(Primary
> > > TACACS is on Solaris and backup is on Linux). We've modified the
>source
> > > code so that each user has his/her own privilige password so that
we
> > > have a record of who is doing what on the network devices
(accounting
> > > purpose). Everything is running smoothly and the company is happy
>with
> > > the result.
> > >
> > > In my opinion, learning CLI in Unix/linux is not an easy task to
>master.
> > > Because of this, I am solely responsible for the TACACS servers.
> >Finding
> > > someone to train for this thing is NOT an easy thing (thanks to
> >Microsoft
> > > mentality of POINT-and-CLICK attitude of new people coming into
the IT
> > > field these days). I've tried to train several people for this
task
>but
> > > it was unsuccessful. Because of this, the company is considering
of
> > > migrating the TACACS server from Solaris/Linux over to Microsoft
>Windows
> > > platforms (YIKES) so that we can find additional support staffs.
> > > The software package that we consider is Cisco ACS. I have
several
> > > questions regarding this package:
> > >
> > > 1) Is this software stable on a Windows platform? (Sorry I have
to
>ask)
> > > 2) How long does it take to train a newbie to be efficient with
Cisco
> > > ACS running on Winblows platform?
> > > 3) Does Cisco ACS support enable privilege for each individual
user
>(i.e
> > > does each user have his/own enable password)?
> > >
> > > If anyone has done it before or have a similar experience, I would
>like
> > > to hear from you.
> > >
> > > Many thanks.
> > > Sean
> > > _________________________________________________________________
> > > Get your FREE download of MSN Explorer at http://explorer.msn.com
> > > FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
>
>_________________________________________________________________
>Get your FREE download of MSN Explorer at http://explorer.msn.com
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2612&t=2245
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
