VPNc 3005 version 4.7.2 and ACS 4.1 authentication question

cisco24x7 · ‎01-12-2008

I want to use ACS for managing the VPN

concentrator 3005. Right now I can

https://VPNc_ip_address into the concentrator using accounts I created on

the ACS. I want to configure the vpn3k

to fall back to local authentication if

the ACS become unreachable. Is it

possible?

2nd part of the question is that the

VPNc console does not accept ACS

accounts? It only takes "admin" account.

How do I go about doing the same thing

when logging into the console port of

the VPNc and force it to take AAA account? If AAA server is not available,

it will fall back to "admin" account.

Is it possible?

cisco24x7 · ‎01-12-2008

I am going to modify the 2n part of the question a little bit. Right now the vpnc

console takes botht the AAA accounts and

the "admin" account. I want the vpnc NOT

to use the "admin" when AAA is available.

Only use the "admin" account when AAA becomes

unavailable.

Richard Burts · ‎01-15-2008

David

I have looked for a way in the VPN concentrator to authenticate with ACS and to have a fall back to local if ACS was not available. While the implementation of authenticate with ACS and fall back to local when ACS is not available is common in IOS I have not found a way to do it with the VPN concentrator. I do not believe that this capability exists in the VPN concentrator.

HTH

Rick

HTH

Rick

cisco24x7 · ‎01-15-2008

Rick,

Basically, I am screwed if the ACS becomes

unavailable.

What about console authentication? currently,

I can log into the VPN3k with both the "admin"

and accounts on the ACS server even when

the ACS is available? Is it another bug in

the vpn3k?

CCIE security