VPN Authentication and ACS

mrashby
Level 1

All,

I have my VPN working but I don't want everyone to log in using a common group name and password. Can I use my ACS box for authentication for incoming VPN connections?

2 Replies

cpembleton
Level 4

There are a number of authentication options and ACS supports two of them in TACACS+ & RADIUS. Look at the configuration guide for your VPN endpoint.

Depending on your version you can hand off user authentication to RADIUS, TACACS+, RSA, AD or Kerberos.

Here is an example on 6.3(x):

Create the AAA server:

aaa-server partner-auth protocol radius

aaa-server partner-auth max-failed-attempts 3

aaa-server partner-auth deadtime 10

aaa-server partner-auth (RSA) host a.b.c.d sharedsecret timeout 20

Reference the AAA server in the crypto map:

crypto dynamic-map dynmap 10 set transform-set vpnset

crypto map vpnmap 20 ipsec-isakmp dynamic dynmap

crypto map vpnmap client token authentication partner-auth

crypto map vpnmap interface outside
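
An added example, not part of the reply above and not Cisco tooling: a small Python check that reads a saved PIX 6.3-style configuration and reports any crypto map bound to an interface that accepts dynamic (remote-access) peers without per-user authentication, or whose referenced AAA group is missing its protocol or host line. The function name `audit_xauth`, the sample address 192.0.2.10 and the assumption that a map with a `dynamic` entry is the remote-access map are choices made for this example.

```python
# Constructed sample in PIX 6.3 syntax, modelled on the reply above;
# 192.0.2.10 and "sharedsecret" are placeholders.
SAMPLE = """\
aaa-server partner-auth protocol radius
aaa-server partner-auth (RSA) host 192.0.2.10 sharedsecret timeout 20
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map vpnmap 20 ipsec-isakmp dynamic dynmap
crypto map vpnmap client token authentication partner-auth
crypto map vpnmap interface outside
"""

def audit_xauth(config):
    """Return findings about per-user authentication on bound crypto maps."""
    protocols, hosts = {}, set()         # AAA group -> protocol; groups with a host
    dynamic, xauth, bound = set(), {}, set()
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "aaa-server":
            if tok[2] == "protocol":
                protocols[tok[1]] = tok[3]
            elif "host" in tok[2:]:
                hosts.add(tok[1])
        elif tok[:2] == ["crypto", "map"] and len(tok) >= 4:
            name = tok[2]
            if "dynamic" in tok[3:]:
                dynamic.add(name)        # map accepts peers via a dynamic-map
            elif tok[3] == "client" and "authentication" in tok:
                xauth[name] = tok[-1]    # AAA group used for user authentication
            elif tok[3] == "interface":
                bound.add(name)          # map is live on an interface
    findings = []
    for name in sorted(bound & dynamic):
        group = xauth.get(name)
        if group is None:
            findings.append(f"{name}: no client authentication, group credentials only")
        elif group not in protocols:
            findings.append(f"{name}: AAA group {group} has no protocol line")
        elif group not in hosts:
            findings.append(f"{name}: AAA group {group} has no server host")
    return findings

if __name__ == "__main__":
    for finding in audit_xauth(SAMPLE) or ["no findings"]:
        print(finding)
```
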