topic VPN Authentication and ACS in Network Access Control

VPN Authentication and ACS

mrashby — Fri, 21 Feb 2020 18:15:59 GMT

All,

I have my VPN working but I don't want everyone to log in using a common group name and password. Can I use my ACS box for authentication for incoming VPN connections?

Re: VPN Authentication and ACS

cpembleton — Thu, 01 Jun 2006 13:36:21 GMT

There are a number of authentication options and ACS supports two of them in Tacacas + & Radius. Look at the configuration guide for your VPN end point.

Re: VPN Authentication and ACS

arnovdw — Fri, 02 Jun 2006 11:22:50 GMT

Depending on your version you can hand off user authentication to a Radius, Tacacs, RSA, AD or Kerberos.

Here is an example on 6.3(x)

Create aaa server:

aaa-server partner-auth protocol radius

aaa-server partner-auth max-failed-attempts 3

aaa-server partner-auth deadtime 10

aaa-server partner-auth (RSA) host a.b.c.d sharedsecret timeout 20

reference aaa server in crypto map:

crypto dynamic-map dynmap 10 set transform-set vpnset

crypto map vpnmap 20 ipsec-isakmp dynamic dynmap

crypto map vpnmap client token authentication partner-auth

crypto map vpnmap interface outside