Hello,

We have an SA 6500 in our environment for SSL-based portal pages and VPN usage and would like to better centralize our administrator authentication / authorization. Today we authenticate our administrators against Active Directory, but we would like to migrate to RADIUS and leverage Cisco's ACS system so that we can track login activity on all of our devices from a single pane of glass, and ideally we would like to centralize our authorization as well (e.g. return a value via RADIUS that tells the SA that the person who just logged in is a full admin, or a Read Only admin, etc.).

I have searched the forums and what admin guides I could come up with, but I haven't really found much, if any, information relating to how I could accomplish these goals. I'm sure the information is out there; I just haven't been able to find it because all I get when searching for authentication / authorization for RADIUS are pages and pages of results for USER access (e.g. VPN users), not ADMIN access.

To boilerplate my questions:

1. Can an SA 6500 support remote administrator authentication using RADIUS?
1a. If so, do administrators need to be specified on-box or does it support true remote authentication (e.g. users do not have to be defined on-box but will be allowed access provided that they authenticate properly against the remote datastore)?
2. Can an SA 6500 support remote administrator authorization using RADIUS, where RADIUS returns some kind of value to identify what role an administrator has (e.g. full admin, read-only admin, etc.)?
3. Can anyone provide links to guides or how-tos with any of this information?

Thanks in advance!