01-12-2008 05:53 AM - edited 03-10-2019 03:35 PM
I want to use ACS for managing the VPN concentrator 3005. Right now I can https://VPNc_ip_address into the concentrator using accounts I created on the ACS. I want to configure the vpn3k to fall back to local authentication if the ACS becomes unreachable. Is it possible?
2nd part of the question is that the VPNc console does not accept ACS accounts? It only takes the "admin" account. How do I go about doing the same thing when logging into the console port of the VPNc and force it to take an AAA account? If the AAA server is not available, it will fall back to the "admin" account. Is it possible?
01-12-2008 05:59 AM
I am going to modify the 2nd part of the question a little bit. Right now the vpnc console takes both the AAA accounts and the "admin" account. I want the vpnc NOT to use the "admin" account when AAA is available. Only use the "admin" account when AAA becomes unavailable.
01-15-2008 08:35 AM
David
I have looked for a way in the VPN concentrator to authenticate with ACS and to have a fall back to local if ACS was not available. While the implementation of authenticate with ACS and fall back to local when ACS is not available is common in IOS I have not found a way to do it with the VPN concentrator. I do not believe that this capability exists in the VPN concentrator.
HTH
Rick
01-15-2008 09:09 AM
Rick,
Basically, I am screwed if the ACS becomes unavailable.
What about console authentication? Currently, I can log into the VPN3k with both the "admin" account and accounts on the ACS server even when the ACS is available? Is it another bug in the vpn3k?
CCIE security