07-15-2002 08:49 PM - edited 02-21-2020 11:56 AM
1. One of the default user in VPN 3080 is 'config'. If this user is given the following access rights, it still couldn't to access 'File Management' area, with message "You do not have sufficient authorization to access the specified page."
Authentication="View Config"
General="View Config"
SNMP="View Config"
Files="List Files" or "Read Files" or "Read/Write Files" access.
* user authen. based on local profile in VPN box.
No external authentication server is in used.
2. If access to VPN box is authenticated by TACACS+, can I used local admin ID to access my VPN unit in case the TACACS+ server is down, which is similar to router or pix?
3. When TACACS+ is in used, access to the VPN Concentrator manager using the same admin ID is not allow for simultaneous access at the same time.However, when local database (default VPN DBase) is being used, it allows multiple access/login to the same box, at the same time, using the same ID. What is the difference (and inconsistency) between TACACS+ and local VPN database, as TACACS+ is more secure to be used.
4. VPN 3080 Concentrator exports the log file to an FTP server when the buffer is full. Is it possible to periodically export the log file with the following options:
(a) Daily - export & generate a new log file at 12:01 am local time every day.
(b) Weekly - export & generate a new log file at 12:01 am local time every
Sunday.
(c) Monthly - export & generate a new log file at 12:01 am on the first day of
every month.
Thank you.
07-15-2002 10:23 PM
1. Only the user marked as Administrator can actually get into the whole Administration section, and you cna only have one user configured as the Administrator. Once the admin can get into that section, you can then give them only certain rights to files, etc. And yes, that is pretty useless because they can then just go in and change those rights because they're the administrator.
2. No. If the TACACS server is down, the only access is via the console port. You can add backup TACACS servers into the list, but if the concentrator reaches the bottom of the list, it denies the access.
3. What error do you get in the log on the concentrator? Have you verified that you don't have a limit of one login set on the TACACS server?
4. No, no and no.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide