
VPN 3000 authorization using Windows ACS server

aemr
Level 1

I would like to authorize groups and users against an ACS server. I am having trouble understanding what needs to be set on the concentrator and ACS server.

On the concentrator I have configured the ACS servers globally as authorization servers. Then in the 'Identity' tab I selected 'external' for the type field. This removed all other tabs from the group.

I created a group on the ACS server and set the VPN 3000 specific attributes, but I don't see any options to create rules and filters to limit access. I have been able to authenticate users through the ACS server, but when I switch the authorization to external, the vpnclient connection hangs with the concentrator not replying to the client.

Thanks for any help or guidance you can provide.

Art

1 Reply

ehirsel
Level 6

With ACS, you need to allow the attributes to be configurable - that is, to be seen in the proper configuration panel. This is done using interface configuration on the ACS system - it basically lets you determine what attributes you want to configure and what you do not. Loading the RADIUS VSAs is only the first step; doing the interface config is the second.

See these URLs for more details:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/g.htm#wp479888 - refer to the section about downloadable acls.

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs33/user/i.htm#wp401829

http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_1/config/servers.htm

Let me know if you need more help.