Cisco ACS 2.6

bma · ‎10-01-2002

Hi

I just install Cisco ACS 2.6 and want to work with Cisco concentrator 3015. I am new for ACS 2.6. I am using internal group for vpn user in the 3015 now.

Can I setup external group with ACS 2.6 for new group, still keep no change for internal group? I try setup a external group, but not working, but from System, Auth Server, do test, I can ping Acs 2.6, but from vpngroup auth server, test, I cannot ping ACS 2.6. I still am reading documents. Could give me some instruction to explain ACS 2.6 how to worki with Concentrator with

ACS 2.6 user database and NT user database?

thanks

ben

afakhan · ‎10-02-2002

Hi,

You can achieve (NT/W2K domain via ACS2.6) authentication by making an Internal (group type) on the concentrator, and configuring ACS 2.6 to authenticate against NT DB, this way you can also restrict users to a certain group existing on NT database.

point to :

http://www.cisco.com/warp/public/707/CiscoSecure.html

Thanks,

Afaq

bma · ‎10-04-2002

Thanks Afaq. External group can work with ACS now, but some function still not working.

1) On the ACS, has Attributes 27 "CVPN3000-IPSec-Split-Tunnel-List", How to config for this attributes and let's vpn group can do split traffic?

2). On the Password Aging Rules in the ACS, When I

am enable Apply age-by-uses rules, like:

Issue warning after logins 2

Require change after logins 5

After vpn login two times, vpn clinet cannot make connection, after disable

Apply age-by-user rules, connection is ok. do you think with ACS,

we can do password change for ACS users or for microsoft NT users?

Thanks

ben