05-31-2006 04:56 AM - edited 02-21-2020 10:15 AM
All,
I have my VPN working but I don't want everyone to log in using a common group name and password. Can I use my ACS box for authentication for incoming VPN connections?
06-01-2006 06:36 AM
There are a number of authentication options and ACS supports two of them in TACACS+ & RADIUS. Look at the configuration guide for your VPN end point.
06-02-2006 04:22 AM
Depending on your version you can hand off user authentication to RADIUS, TACACS, RSA, AD or Kerberos.
Here is an example on 6.3(x):
Create aaa server:
aaa-server partner-auth protocol radius
aaa-server partner-auth max-failed-attempts 3
aaa-server partner-auth deadtime 10
aaa-server partner-auth (RSA) host a.b.c.d sharedsecret timeout 20
Reference aaa server in crypto map:
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map vpnmap 20 ipsec-isakmp dynamic dynmap
crypto map vpnmap client token authentication partner-auth
crypto map vpnmap interface outside
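
An added example, not part of the thread or of Cisco's documentation: a Python check that reads PIX 6.3-style configuration like the one posted above and reports crypto maps that accept dynamic peers on an interface without a `client authentication` reference to a defined `aaa-server` group. The function name and finding strings are assumptions; the sample input is the posted configuration with its placeholders unchanged.

```python
# Sample input: the configuration lines from the post above (placeholders kept).
SAMPLE_CONFIG = """\
aaa-server partner-auth protocol radius
aaa-server partner-auth max-failed-attempts 3
aaa-server partner-auth deadtime 10
aaa-server partner-auth (RSA) host a.b.c.d sharedsecret timeout 20
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map vpnmap 20 ipsec-isakmp dynamic dynmap
crypto map vpnmap client token authentication partner-auth
crypto map vpnmap interface outside
"""


def audit_vpn_auth(config):
    """Return findings for interface-bound crypto maps that take dynamic peers."""
    groups = {}      # aaa-server group -> {"protocol": str or None, "hosts": int}
    dynamic = set()  # crypto maps that reference a dynamic-map
    auth = {}        # crypto map -> aaa-server group named for client authentication
    bound = {}       # crypto map -> interface it is applied to
    for line in config.splitlines():
        w = line.split()
        if len(w) >= 4 and w[0] == "aaa-server":
            group = groups.setdefault(w[1], {"protocol": None, "hosts": 0})
            if w[2] == "protocol":
                group["protocol"] = w[3]
            elif "host" in w[2:4]:          # "(if_name) host <ip> ..."
                group["hosts"] += 1
        elif len(w) >= 5 and w[:2] == ["crypto", "map"]:
            name = w[2]
            if w[3] == "client" and "authentication" in w:
                auth[name] = w[-1]          # last word is the aaa-server group
            elif w[3] == "interface":
                bound[name] = w[4]
            elif "dynamic" in w[3:]:
                dynamic.add(name)
    findings = []
    for name in sorted(dynamic & bound.keys()):
        group = auth.get(name)
        if group is None:
            findings.append(f"{name}: no per-user client authentication on {bound[name]}")
        elif group not in groups or groups[group]["protocol"] is None:
            findings.append(f"{name}: aaa-server group {group} is not defined")
        elif groups[group]["hosts"] == 0:
            findings.append(f"{name}: aaa-server group {group} has no host")
    return findings


if __name__ == "__main__":
    print(audit_vpn_auth(SAMPLE_CONFIG) or "no findings")
```
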