Shifting of VPN local authentication to TACACS+??

abhisar patil

Dear All,

I want to shift local VPN user authentication (Cisco router as VPN server) to TACACS+. I have changed the required configuration, but it is not working.

Current config: local authentication.

aaa new-model
aaa authentication login vpn-users local
aaa authorization network vpn-users local
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr aes
 hash md5
 authentication pre-share
 group 5
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
crypto dynamic-map vpn-map 1
 set transform-set vpn
 reverse-route
crypto isakmp client configuration group vpn-users
 key +3CH13AD
 dns 10.0.0.3
 domain abc.com
 pool dial-vpn
 acl 104
 netmask 255.255.255.0
!
crypto map vpn-map client authentication list vpn-users
crypto map vpn-map isakmp authorization list vpn-users
crypto map vpn-map client configuration address respond

Changed config: for TACACS+

aaa authentication login vpn-users group tacacs+ local
tacacs-server host 10.0.2.10 key cisc0123

I also created the vpn-users list on Cisco ACS, but it is not working; it is using local authentication only.

Please help.

Abhisar.

Atul Singh

Hi Abhisar,

If it's taking local authentication, then it must mean that the TACACS+ server is unavailable or the router is unable to make a connection to ACS. Take TACACS+ debugs to confirm that and check the connectivity between the two. TACACS+ uses TCP/49.

-Atul
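As an added example for this thread (not code from Cisco, ACS, or either poster), the script below lints the kind of IOS snippet posted above and explains why a VPN login would end up on local credentials: a method list that names `local` first never consults TACACS+, a list that uses `group tacacs+` without any `tacacs-server host` has nowhere to go, and with `group tacacs+ local` the router only moves on to `local` when every TACACS+ server fails to answer, not when the server rejects the user (which is the point of Atul's reply: if local is being used, the server is not being reached). The "before" and "after" configs embedded here are constructed from the thread; the "after" one assumes the rest of the original config was left unchanged apart from the two lines the poster listed.

```python
"""Lint a Cisco IOS AAA / crypto-map snippet for the usual reasons a VPN
login never reaches TACACS+ and quietly uses local credentials instead.
Example code added for this thread; not Cisco's, ACS's or the posters' own."""
import re

# Constructed from the thread's "before" snippet (local authentication only).
BEFORE_CONFIG = """
aaa new-model
aaa authentication login vpn-users local
aaa authorization network vpn-users local
crypto isakmp client configuration group vpn-users
 pool dial-vpn
crypto map vpn-map client authentication list vpn-users
crypto map vpn-map isakmp authorization list vpn-users
crypto map vpn-map client configuration address respond
"""

# Constructed "after" snippet: the two lines the poster changed/added,
# applied on top of the unchanged remainder (an assumption of this example).
AFTER_CONFIG = BEFORE_CONFIG.replace(
    "aaa authentication login vpn-users local",
    "aaa authentication login vpn-users group tacacs+ local",
) + "tacacs-server host 10.0.2.10 key cisc0123\n"

AAA_LIST = re.compile(r"^aaa (authentication login|authorization network) (\S+) (.+)$")
CRYPTO_REF = re.compile(r"^crypto map \S+ (client authentication|isakmp authorization) list (\S+)")
TACACS_HOST = re.compile(r"^tacacs-server host (\S+)")


def split_methods(tokens):
    """Turn ['group', 'tacacs+', 'local'] into ['group tacacs+', 'local']."""
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append(f"group {tokens[i + 1]}")
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def parse(config):
    """Collect AAA method lists, crypto-map list references and TACACS+ hosts."""
    lists, refs, hosts = {}, [], []
    for raw in config.splitlines():
        line = raw.strip()
        if m := AAA_LIST.match(line):
            lists[(m.group(1), m.group(2))] = split_methods(m.group(3).split())
        elif m := CRYPTO_REF.match(line):
            # 'client authentication list' points at a login list,
            # 'isakmp authorization list' at a network authorization list.
            kind = ("authentication login" if m.group(1) == "client authentication"
                    else "authorization network")
            refs.append((kind, m.group(2)))
        elif m := TACACS_HOST.match(line):
            hosts.append(m.group(1))
    return lists, refs, hosts


def lint(config):
    """Return (severity, message) findings, in config order, that explain why a
    VPN login might never reach TACACS+ or might fall back to local."""
    lists, refs, hosts = parse(config)
    findings = []
    for kind, name in refs:
        label = f"aaa {kind} {name}"
        methods = lists.get((kind, name))
        if methods is None:
            findings.append(("WARN", f"{label}: referenced by crypto map but not defined"))
            continue
        if methods[0] == "local":
            findings.append(("WARN", f"{label}: 'local' is the first method, TACACS+ is never consulted"))
            continue
        if "group tacacs+" in methods:
            if not hosts:
                findings.append(("WARN", f"{label}: uses group tacacs+ but no tacacs-server host is configured"))
            if "local" in methods:
                # IOS moves to the next method only on ERROR (no server answer),
                # not on FAIL (the server rejected the credentials).
                findings.append(("INFO", f"{label}: 'local' is used only when every TACACS+ server is "
                                         "unreachable; a reject from the server does not fall back"))
    return findings


if __name__ == "__main__":
    for title, cfg in (("before", BEFORE_CONFIG), ("after", AFTER_CONFIG)):
        print(f"== {title} ==")
        for sev, msg in lint(cfg):
            print(f"[{sev}] {msg}")
```

Running it on the "after" config gives no warning for the login list but notes that `local` is reached only on server error, and still flags that `aaa authorization network vpn-users` is local-only, so group authorization would not come from ACS even once the TCP/49 path is fixed.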