Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
317
Views
0
Helpful
1
Replies

tacacs+ vpn authorization

ryancolson
Level 1
Level 1

‎03-30-2009 07:58 AM

I am somewhat familiar with radius/tacacs authentication for VPNs on ASA firewalls(and somewhat on IOS router based VPN). What have been able to do using MS IAS radius is have radius return the group policy name for a given user based on group membership. What I am wondering is if the policy itself can be stored in MS IAS, or, more importantly, if the group name/parameters can be specificed using cisco TACACS+ instead of radius for vpn authentication/authorization.

Labels:
0 Helpful
1 Reply 1

Ivan Martinon
Level 7
Level 7

‎03-31-2009 11:03 AM

This can only be achieved by using radius as the protocols since it is more flexible with the attributes you can use, if you had an ACS, then you would not need to define specific values as ACS has the specific VPN attributes needed for the external group authorization. There is an ldap vpn-3000 schema that you can import to your AD to define this specific vpn-3000 attriubutes that are used, but I am not sure that an external radius authorization setup would support other than Radius.

0 Helpful
Customers Also Viewed These Support Documents