VPNc 3005 version 4.7.2 and ACS 4.1 authentication question

Unanswered Question
Jan 12th, 2008
User Badges:
  • Silver, 250 points or more

I want to use ACS for managing the VPN

concentrator 3005. Right now I can

https://VPNc_ip_address into the concentrator using accounts I created on

the ACS. I want to configure the vpn3k

to fall back to local authentication if

the ACS become unreachable. Is it


2nd part of the question is that the

VPNc console does not accept ACS

accounts? It only takes "admin" account.

How do I go about doing the same thing

when logging into the console port of

the VPNc and force it to take AAA account? If AAA server is not available,

it will fall back to "admin" account.

Is it possible?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
cisco24x7 Sat, 01/12/2008 - 05:59
User Badges:
  • Silver, 250 points or more

I am going to modify the 2n part of the question a little bit. Right now the vpnc

console takes botht the AAA accounts and

the "admin" account. I want the vpnc NOT

to use the "admin" when AAA is available.

Only use the "admin" account when AAA becomes


Richard Burts Tue, 01/15/2008 - 08:35
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


I have looked for a way in the VPN concentrator to authenticate with ACS and to have a fall back to local if ACS was not available. While the implementation of authenticate with ACS and fall back to local when ACS is not available is common in IOS I have not found a way to do it with the VPN concentrator. I do not believe that this capability exists in the VPN concentrator.



cisco24x7 Tue, 01/15/2008 - 09:09
User Badges:
  • Silver, 250 points or more


Basically, I am screwed if the ACS becomes


What about console authentication? currently,

I can log into the VPN3k with both the "admin"

and accounts on the ACS server even when

the ACS is available? Is it another bug in

the vpn3k?

CCIE security


This Discussion