ASA 5520 + IPSec with Tacacs authentication

Nikolay Savin
Level 1

Good day,

I have an ASA 5520, IOS 8.4(5).

I configured IPSec remote access and authentication with TACACS for the user (rvpn).

TACACS was configured on FreeBSD tac_plus.

The same TACACS server handles authentication for management access for users (admin and cisco).

Everything works, but I can connect over VPN with all users, which is not good for me.

How can I allow VPN connections for some users and deny them for others?

All users are on the same TACACS server.

Thanks

Shaoqin Li
Level 3

It might be a little bit difficult for TACACS since it has limited info sent by the NAS, and the policy is set on your server, not on the ASA. And the server is not going to know which request is for VPN auth and which is for device auth...

Better to set up another server, or use RADIUS.

I agree with Shaoqin. You need to set up a RADIUS server to use the Group-lock feature. If you would like to accomplish the same with the local database, check here

~BR
Jatin Katyal

Thank you, guys.

I will think about it.