Network Access Control

In a VPN 3000 Concentrator config, what are the ramifications of an unauthorised user knowing the group username and password?I have a situation where a proposed solution has a single group defined, which all users are part of. The group username and...

I have a CVPN3015 and now I want to setup VPN client to authenticate with my AD. Can it be done?CVPN3015 with NT domain (NT4)is OK!

I've seen it mentioned in the install guide that for full TACACS & Radius functionality IOS 11.2 should be installed, but I'm looking for the official, minimum IOS version that is tested and supported with CS ACS NT 3.0. I'm looking for that data as ...

Hi,How to configure an AAA server for PIX VPN remote access? I saw a entry in a sample configuration:"aaa-server partnerauth (dmz) host 192.168.101.2 abcdef timeout 5"Please advise.Thanks,Roger

We face a strange scenario with a VPDN setup. We hold an ACS v2.6 and a c3660 router at the end-point.We need to activate a method to define the "interesting traffic" that will reset the idle-timeout.Let's assume that a remote-user sees A and B.When ...

We have Pix 515E firewall configured to use RADIUS authentication.We need to be able to exclude one website from being authenticated. This website access is only allowed from one trusted source address (see access list below).We use access group to ...

In PIX OS version 6.1, the "aaa authentication" command does not have the option to configur for either inbound or outbound. Is this mean when I configure the aaa authentication command, it's for both inbound and outbound??If it is for both is ther a...

Hi,I just read that downloadble ACL's do not work for VPN users and that it only helps in passthrough authentication. The workaround solution was to define the ACL on the pix and send down the ACL number on the ACS server. I have been lookking throu...

Scenario: Currently have a ACS (3.02) for Win2K, we recently purchased another server (faster) to act as a secondary AAA server.Question:1) Once the initial replication occurs between the old server (primary) to the new server (secondary), are there...

Hi AllIs it possible to use radius for authentication on Cisco switches? These switches range from Cat1900 to 29xx to 3550 to 5500!!Regards!

Hi I just install Cisco ACS 2.6 and want to work with Cisco concentrator 3015. I am new for ACS 2.6. I am using internal group for vpn user in the 3015 now. Can I setup external group with ACS 2.6 for new group, still keep no change for internal...

I recieve a failed attempt when dialling in to the network and using Safeword key token to authenticate with the Cisco ACS the Error is "Eternal DB reports Error condition" Any help please.

We have switched to a different Radius Server (FreeRadius) in order to be able to use AAA Acounting to bill the customer by the byte. The Cisco box being used is a 7206VXR/NPE300 and when we point the Cisco router to the new Radius Server, the CPU ut...

HiWe will possibly be attaining a Cisco Secure ACS 2.4 for installation on an NT server. The current solution that we have is just a bank of modems at the back on the NT server. We are hoping to change this by installing the ACS on the NT server and ...

I am attempting to set up my 6506 to use RADIUS authentication using my Windows 2000 accounts database. What I would like to do is make it so my Windows 2000 account (we'll call it "superuser" here) has level 15 access to the switch, with a local ac...