VPNc 3005 version 4.7.2 and ACS 4.1 authentication question

Unanswered Question
Jan 12th, 2008

I want to use ACS for managing the VPN concentrator 3005. Right now I can https://VPNc_ip_address into the concentrator using accounts I created on the ACS. I want to configure the vpn3k to fall back to local authentication if the ACS becomes unreachable. Is it possible?

2nd part of the question is that the VPNc console does not accept ACS accounts? It only takes "admin" account. How do I go about doing the same thing when logging into the console port of the VPNc and force it to take AAA account? If AAA server is not available, it will fall back to "admin" account. Is it possible?

cisco24x7 Sat, 01/12/2008 - 05:59

I am going to modify the 2nd part of the question a little bit. Right now the vpnc console takes both the AAA accounts and the "admin" account. I want the vpnc NOT to use the "admin" when AAA is available. Only use the "admin" account when AAA becomes unavailable.

Richard Burts Tue, 01/15/2008 - 08:35

David

I have looked for a way in the VPN concentrator to authenticate with ACS and to have a fall back to local if ACS was not available. While the implementation of authenticate with ACS and fall back to local when ACS is not available is common in IOS I have not found a way to do it with the VPN concentrator. I do not believe that this capability exists in the VPN concentrator.

HTH

Rick

cisco24x7 Tue, 01/15/2008 - 09:09

Rick,

Basically, I am screwed if the ACS becomes unavailable.

What about console authentication? Currently, I can log into the VPN3k with both the "admin" and accounts on the ACS server even when the ACS is available? Is it another bug in the vpn3k?

CCIE security