Why VPN authenticates a local user

Unanswered Question
May 3rd, 2007

Hi,

Attached to this post is the VPN configuration of my ASA. Here my device authenticates user suresh and other users of the AAA group, but it doesn't accept the tunnel-group users cbyvpn. I wanted to restrict the AAA group so that it cannot log in for VPN, because that AAA group is meant only for logging on to this ASA via SSH or Telnet, but he can do both, so there is a possibility that it can be misused. Let me know the part of the configuration where I have made the mistake.


If I am not wrong, "DefaultRAGroup" is the command which uses the local authentication AAA group. Am I right?




The security appliance provides two default tunnel groups, one for remote access (DefaultRAGroup) and one for LAN-to-LAN (DefaultL2LGroup). A remote-access Virtual Private Network (VPN) enables you to provide secure access to off-site users. ASDM enables you to configure the adaptive security appliance to create secure connections, or tunnels, across the Internet.

If you want to know more, please click the following URL:

http://www.cisco.com/en/US/docs/security/asa/asa71/getting_started/asa5500/quick/guide/rem_acc.html

