VPN3000 and TACACS Admin Access

thethmon
Level 1

I am considering using my ACS (TACACS) to authenticate administration users on a new VPN 3000 concentrator. My concern is that there does not appear to be a fallback authentication method such as in the routers. Does anyone know if there is indeed a fallback authentication?

Also, can I configure TACACS users that correspond to any other account than the 'admin' account? I would like to be able to have read-only accounts use TACACS as well.

3 Replies

dfelska
Level 1

We use TACACS for the admin on the 3000 and there is no fallback. You need to make sure you have multiple ACS servers available and defined. There is very little flexibility in how you do it with the 3000. We also have some issues using it with SecurID; however, it seems to be fine if you don't need that.

Thanks for the information. Hopefully Cisco will improve upon this in the near future.

I have configured the 3000 to use TACACS for admin but am presently unable to log in to the concentrator. One thing I failed to do was set the privilege level for the admin user. I can see in the log that connectivity was established with the ACS but my password is being refused with no error. Any ideas? Thx.
