Shifting of VPN local authentication to TACACS+??

abhisar patil
Level 1

Dear All,

I want to shift local VPN user authentication (Cisco router as VPN server) to TACACS+. I have changed the required configuration, but it is not working.

Current Config: Local authentication.

aaa new-model
aaa authentication login vpn-users local
aaa authorization network vpn-users local
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr aes
 hash md5
 authentication pre-share
 group 5
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
crypto dynamic-map vpn-map 1
 set transform-set vpn
 reverse-route
crypto isakmp client configuration group vpn-users
 key +3CH13AD
 dns 10.0.0.3
 domain abc.com
 pool dial-vpn
 acl 104
 netmask 255.255.255.0
!
crypto map vpn-map client authentication list vpn-users
crypto map vpn-map isakmp authorization list vpn-users
crypto map vpn-map client configuration address respond

Changed config: For TACACS+

aaa authentication login vpn-users group tacacs+ local
tacacs-server host 10.0.2.10 key cisc0123

And created a vpn-users list on Cisco ACS. But it is not working; it is taking local authentication only.

Please help.

Abhisar.


slawford
Cisco Employee

Hi Abhisar,

What do you see in the output of "sh tacacs"? Do you see any timeouts or errors?

Also, have you added the router as a network device in ACS, and do you see anything in the ACS logs?

Regards,

Steve.
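Two checks that tie the question and the reply together, as an added Python example that is not part of the original thread and not Cisco code. The first audits the AAA wiring in a configuration like the one posted above (the sample config is constructed from it); the second parses `show tacacs` counters for the timeouts and errors the reply asks about. The `show tacacs` sample and its layout are assumed, modelled on IOS output, so verify the counter names against your own platform. The point behind both checks: with `group tacacs+ local`, IOS only tries `local` when every server in the `tacacs+` group returns an error (unreachable, wrong shared key, router not defined as an AAA client), never when the server rejects the login, so a router that "takes local authentication only" is usually one whose TACACS+ requests are timing out.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the poster's configuration after the TACACS+ change. The
# lines the original post omits between its two snippets are omitted here too.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login vpn-users group tacacs+ local
aaa authorization network vpn-users local
tacacs-server host 10.0.2.10 key cisc0123
crypto isakmp client configuration group vpn-users
 pool dial-vpn
crypto map vpn-map client authentication list vpn-users
crypto map vpn-map isakmp authorization list vpn-users
crypto map vpn-map client configuration address respond
"""

# Constructed sample of 'show tacacs' counters in the layout IOS prints
# (assumed layout; check it against your own platform's output).
SAMPLE_SHOW_TACACS = """\
Tacacs+ Server    : 10.0.2.10/49
              Socket opens:          5
              Socket closes:         5
              Socket aborts:         0
              Socket errors:         0
              Socket Timeouts:       5
              Failed Connect Attempts: 0
              Total Packets Sent:    5
              Total Packets Recv:    0
"""


def parse_login_lists(config: str) -> Dict[str, List[str]]:
    """Map each 'aaa authentication login <name> ...' to its ordered methods.
    'group <server-group>' is two tokens in IOS; fold it into one method."""
    lists: Dict[str, List[str]] = {}
    for m in re.finditer(r"^aaa authentication login (\S+) (.+)$", config, re.M):
        tokens, methods = m.group(2).split(), []
        i = 0
        while i < len(tokens):
            if tokens[i] == "group" and i + 1 < len(tokens):
                methods.append("group " + tokens[i + 1])
                i += 2
            else:
                methods.append(tokens[i])
                i += 1
        lists[m.group(1)] = methods
    return lists


def audit_xauth_aaa(config: str) -> List[Tuple[str, str]]:
    """Check that every XAUTH list named on a crypto map is wired to TACACS+.
    Returns (severity, message) pairs; only 'info' entries means the wiring is sound."""
    findings: List[Tuple[str, str]] = []
    lists = parse_login_lists(config)
    hosts = re.findall(r"^tacacs-server host (\S+)", config, re.M)
    for name in re.findall(r"^crypto map \S+ client authentication list (\S+)", config, re.M):
        methods = lists.get(name)
        if methods is None:
            findings.append(("error", f"{name}: crypto map references a login list that is not defined"))
            continue
        if "group tacacs+" not in methods:
            findings.append(("error", f"{name}: methods {methods} never consult TACACS+"))
            continue
        if not hosts:
            findings.append(("error", f"{name}: 'group tacacs+' used but no tacacs-server host configured"))
        if "local" in methods and methods.index("local") < methods.index("group tacacs+"):
            findings.append(("error", f"{name}: 'local' precedes 'group tacacs+', so TACACS+ is only a fallback"))
        elif "local" in methods:
            findings.append(("info", f"{name}: IOS tries 'local' only when every TACACS+ server errors "
                                     "(unreachable, wrong key); a server reject is final"))
    return findings


def tacacs_counters(show_tacacs: str) -> Dict[str, Dict[str, int]]:
    """Parse 'show tacacs' into {server: {counter name (lower-case): value}}."""
    servers: Dict[str, Dict[str, int]] = {}
    current = None
    for line in show_tacacs.splitlines():
        m = re.match(r"^Tacacs\+ Server\s*:\s*(\S+)", line)
        if m:
            current = m.group(1)
            servers[current] = {}
            continue
        m = re.match(r"^\s*([A-Za-z ]+?):\s+(\d+)$", line)
        if m and current:
            servers[current][m.group(1).strip().lower()] = int(m.group(2))
    return servers


def unreachable_servers(show_tacacs: str) -> List[str]:
    """Servers whose counters show timeouts or errors: the condition under which
    the method list silently falls through to 'local'."""
    bad = []
    for server, c in tacacs_counters(show_tacacs).items():
        if c.get("socket timeouts", 0) or c.get("socket errors", 0) or c.get("failed connect attempts", 0):
            bad.append(server)
    return bad


if __name__ == "__main__":
    for sev, msg in audit_xauth_aaa(SAMPLE_CONFIG):
        print(f"[{sev}] {msg}")
    print("servers with timeouts/errors:", unreachable_servers(SAMPLE_SHOW_TACACS))
```

On the constructed samples the audit reports only the informational fallback note, while the counter check flags 10.0.2.10/49 because every packet sent timed out and none were received: exactly the picture that produces "local authentication only". A clean counter set with logins still landing on `local` would instead point at the `crypto map ... client authentication list` line naming a different list than the one that was changed.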