topic Re: VPN3000 and TACACS Admin Access in Network Security

VPN3000 and TACACS Admin Access

thethmon — Fri, 21 Feb 2020 07:06:14 GMT

I am considering using my ACS (TACACS) to authenticate administration users on a new VPN 3000 concentrator. My concern is that there does not appear to be a fallback authentication method such as in the routers. Does anyone know if there is indeed a fallback authentication?

Also, can I configure TACACS users that correspond to any other account than the 'admin' account? I would like to be able to have read-only accounts use TACACS as well.

Re: VPN3000 and TACACS Admin Access

dfelska — Tue, 18 Nov 2003 20:24:58 GMT

We use TACACS for the admin on the 3000 and there is no fallback. You need to make sure you have multiple ACS servers available and defined. There is very little flexibility in how you do it with the 3000. We also have some issues using it with SecurID, however it seems to be fine if you don't need that.

Re: VPN3000 and TACACS Admin Access

thethmon — Tue, 18 Nov 2003 21:12:33 GMT

Thanks for the information. Hopefully Cisco will improve upon this in the near future.

Re: VPN3000 and TACACS Admin Access

n-magbade — Wed, 26 Nov 2003 23:23:59 GMT

I have configured the 3000 to use TACACS for admin but am presently unable to login to the concentrator. One thing I failed to do was set the privilege level for the admin user. I can see in the log that connectivity was established with the ACS but my password is being refused with no error. Any ideas, Thx.