Cisco Secure Access Control Server Solution Engine

Cisco Secure Access Control Server Solution Engine 4.2


PB378412

Product Overview

Cisco® Secure Access Control Server (ACS) Solution Engine is a ready-to-use, security-hardened server dedicated to running Cisco Secure ACS services. Cisco Secure ACS is an industry-leading, highly scalable access policy platform that supports comprehensive, identity-based network access control. Cisco Secure ACS provides central management of access policies for both network access and device administration and supports a wide range of access scenarios including wireless LAN, 802.1x wired, and remote access. Cisco Secure ACS is the leading authentication, authorization, and accounting (AAA) platform in the market and is deployed by 90 percent of the top 500 Cisco customers.
Cisco Secure ACS is also available as a software kit. For more information on Cisco Secure ACS 4.2 for Windows, please refer to the data sheet and the product bulletin at http://www.cisco.com/en/US/products/sw/secursw/ps2086/

New Features

Cisco Secure ACS Solution Engine 4.2 includes the following new features:

• Extensible Authentication Protocol (EAP) protocol options:

– EAP-Flexible Authentication via Secure Tunneling (FAST) enhancement for anonymous Transport Layer Security (TLS) renegotiation: ACS allows an anonymous TLS handshake between the end-user client and ACS.

– EAP-FAST enhancement for invalid Protected Access Credentials (PAC): ACS provides an option to run EAP-FAST without issuing or accepting any tunnel or machine PAC when an invalid PAC is received.

– EAP-TLS with no PAC and no Active Directory processing: ACS supports EAP-FAST tunnel establishment without PAC and without client certificate lookup.

• Group filtering at the Network Access Profile (NAP) level with Lightweight Directory Access Protocol (LDAP): When using LDAP to query an external user data store, ACS capabilities have been extended to allow group filtering at the NAP level. Depending on the user's external database group membership, ACS can either reject or accept access to the network based on the group filtering settings.

• RSA authentication with LDAP group mapping: ACS can authenticate with RSA and at the same time perform group mapping with LDAP. This option allows ACS to control authorization based on a user's LDAP group membership.

• Active Directory multiforest support: ACS supports authentication in a multiforest environment.

• Time-based restrictions: ACS administrators may configure a user to be in an alternative group for a restricted period of time.

• Relational database management system (RDBMS) synchronization enhancements: ACS has programmatic interface additions for downloadable access control list (ACL) synchronization. ACS Solution Engine now also supports scriptable RDBMS synchronization through a Secure Shell (SSH) Protocol client.

• Internet Control Message Protocol (ICMP) ping on/off: ICMP ping response can be turned on or off.

• Native RSA support: Support of the RSA proprietary interface on the ACS Solution Engine provides parity with ACS for Windows.

• Upgrade of Windows operating system.

Please refer to the product release notes at http://www.cisco.com/en/US/products/sw/secursw/ps5338/prod_release_notes_list.html for a complete list of new and changed features.

Upgrade Paths

Cisco Secure ACS Solution Engine 4.2 ships on the Cisco 1113 appliance platform. New customers should order part number CSACSE-1113-K9.
Cisco Secure ACS Solution Engine 4.0 and 4.1 customers with Cisco Software Application Support (SAS) can go to the product upgrade tool at http://www.cisco.com/upgrade and request the service release kit for their Cisco Secure ACS Solution Engine.
Cisco Secure ACS Solution Engine 4.0 and 4.1 customers without SAS should order part number CSACSE4.2-SW-MR-K9.
Cisco Secure ACS Solution Engine 3.x customers with the 1112 and 1113 appliances who wish to upgrade their software should order part number CSACSE-4.2-SWUP-K9. The 1111 appliance is not upgradeable to Cisco Secure ACS version 4.2. However, customers with Cisco Secure ACS Solution Engine 3.x with the 1111 (or 1112) appliance who wish to upgrade to the ACS Solution Engine 1113 appliance may order CSACSE-1113-UP-K9.
Existing Cisco Secure ACS for Windows customers who want to migrate to the Cisco ACS Solution Engine should order part number CSACSE-1113-UP-K9.

Availability

Cisco Secure ACS Solution Engine 4.2 will be available beginning March 15, 2008. Customers interested in purchasing these products can place orders through their normal sales channels.

Ordering Information

Table 1 lists ordering information for Cisco Secure Access Control Server 4.2.

Table 1. Ordering Information for Cisco Secure Access Control Server 4.2

| Part Number | Description |
| --- | --- |
| CSACSE-1113-K9 | Cisco Secure ACS Solution Engine 4.2; includes Cisco 1113 hardware platform and Cisco Secure ACS Software 4.2 |
| CSACSE-1113-UP-K9 | Upgrade for customers using Cisco Secure ACS for Windows, or the Cisco 1111 or 1112 platform to Cisco Secure ACS Solution Engine 4.2; includes Cisco 1113 hardware platform and Cisco Secure ACS Software 4.2 |
| CSACSE-4.2-SWUP-K9 | Cisco Secure ACS software upgrade to 4.2 for existing Cisco Secure ACS Solution Engine 3.x customers; covers Cisco 1112 and 1113 upgrade to Cisco Secure ACS Solution Engine 4.2; does not cover upgrade from Cisco 1111 platform |
| CSACSE4.2-SW-MR-K9 | Cisco Secure ACS software upgrade to 4.2 for existing Cisco Secure ACS Solution Engine 4.0 and 4.1 customers |

For More Information

For more information about Cisco Secure Access Control Server, visit http://www.cisco.com/go/acs or contact your local account representative.