Cisco Secure Access Control Server

The Cisco Secure Access Control Server (CSACS) is Cisco's AAA server that supports both the RADIUS and TACACS+ protocols. The software provides centralized AAA services for AAA clients such as the PIX firewall. It is also very scalable, with the option to use its own user database or connect to an external user database, such as one of these:

• Axent token server

• Generic LDAP

• Novell NDS

• SafeWord token server

• Windows NT/2000 local or domain controller

Installing CSACS

The CSACS can be installed onto Unix or Microsoft Windows Server. Cisco uses a Web page front-end to configure the system. The following are some of the Windows requirements:

• Pentium III processor with 550MHz or better

• 256MB of RAM

• 250MB of available disk space

• Windows 2000 with SP1 or Windows NT with SP6a

During the installation, the software asks for at least one network access server (NAS) to be set up. A NAS is an AAA client, and in this case it's the PIX firewall (see Figure 10.3). CSACS can support up to 2,000 AAA clients.

During installation, the NAS's details dialog box has a prompt that states Access Server IP Address . This is the address of the PIX firewall or other network access server that will be using the CSACS server.

Cisco supports several solutions for CSACS. The latest version is CSACS for Windows 3.2 and v2.3 for Unix. CSACS may also be purchased in a 1 RU hardware solution called the CSCAS Solution Engine. More information can be found in the "Need to Know More?" at the end of the chapter.