Cisco ACS for Easy VPN

Unanswered Question
Feb 11th, 2007

Hi,

Can I configure Cisco ACS with Easy VPN? I am currently using Easy VPN and am planning to see whether Easy VPN can be configured with Cisco ACS. By implementing this, I need not create VPN users on the Cisco router; I just want the users to be created on Cisco ACS, and the information should be logged on Cisco ACS, I mean what time the VPN user logged in and logged out, etc.

I am currently using a Cisco 1751 router for Easy VPN.

Anand S Sun, 02/11/2007 - 22:35

Wow Amit,

Exactly what I wanted is there in the link you sent. Thanks a lot; I will get back to you once I configure it. Of course, I will rate the post too, along with my result.

Anand S Mon, 02/12/2007 - 01:26

Hi Amit,

It worked out. I was able to see the remote IP and which users have logged in, but I could not see what IP address has been assigned to the user. Also, I need to enter the user name and password twice: the first time it asks, I need to enter the user name and password present on the router, and only if that is correct will it ask me for the Cisco ACS password. Quite nice. But it accepts whatever users are present in Cisco ACS, which I feel is not safe, because hardly 10 users will be logging in for VPN and the remaining 40 users are created for accessing the LAN switches. In that case, how do I prevent the remaining 40 users from logging in to the VPN if they come to know the router's user name and password?

Amit Singh Mon, 02/12/2007 - 01:34

Anand,

Please use NAR (Network Access Restriction) on CSACS to restrict the user access.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080205a4a.html

Also, which device has the IP address pools? Is it the ACS server or the VPN device? If it's on the VPN device, you will not be able to see it on ACS. You can only check it on the device itself. You can also use Cisco ACS to configure the address pools for the specific user groups.

HTH. Please rate if it does.

-amit singh

Anand S Mon, 02/12/2007 - 03:00

Hi Amit,

I have enabled "aaa authentication login userauthen group tacacs+ enable local" instead of RADIUS, but I couldn't see the start and stop log information. I have specified "aaa accounting exe default start-stop group tacacs+" and also "aaa accounting exec default start-stop group tacacs+".

Sure, I will rate the post.
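
For reference, an added example (not part of the thread and not any poster's configuration): `aaa accounting exec` records EXEC shell sessions on the console and vty lines, while Easy VPN client sessions are accounted through a network accounting list bound to the crypto map. The sketch assumes RADIUS to ACS and an IOS release with IPsec VPN accounting support; the names `groupauthor`, `vpnacct` and `clientmap`, the server address and the key are placeholders.

```ios
! Added example; list names, map name, server address and key are placeholders.
aaa new-model
!
! Xauth user login is checked against the AAA server, with local fallback.
aaa authentication login userauthen group radius local
! Easy VPN group policy (group key, pool) is looked up on the router itself.
aaa authorization network groupauthor local
!
! EXEC accounting: start/stop records for shell logins to the router only.
aaa accounting exec default start-stop group radius
! Network accounting: the list that the VPN sessions will use.
aaa accounting network vpnacct start-stop group radius
!
! Bind authentication, authorization and accounting lists to the crypto map
! that terminates the Easy VPN clients.
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client accounting list vpnacct
crypto map clientmap client configuration address respond
!
! AAA server definition (placeholder address and key).
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key <shared-secret>
```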
