TACACS+ and RADIUS on ASA

Feb 16th, 2010

I am using an ASA 5510 for IPSec and SSL VPN access. I want the VPN users to use RADIUS and use TACACS+ for management via SSH, Telnet or HTTPS. How can I configure that? I tried to get TACACS+ working via the management port but was unsuccessful. Currently, I am using RADIUS (using inside IP address as device IP in ACS) but that does not differentiate the users.


I know that this will also require configuration on the ACS boxes, but has anyone else done this successfully and can offer some assistance?


Thx,

Ryan

Federico Coto F... Tue, 02/16/2010 - 15:17

Hi,


The ASA needs to be configured as a AAA client on the ACS.

The ASA needs to be configured to have the ACS as a TACACS+ and a RADIUS AAA Server.


I've done this configuration successfully in the past.

Look at this document and let me know where you are having problems...


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008080f2d1.shtml


Federico.
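
A sketch of the ASA side of the split discussed in this thread, added here as an example and not taken from either poster or from the linked Cisco document. The server-group names, the tunnel-group name `VPN_USERS`, the local `admin` user, the 192.0.2.10 address and the key placeholders are all assumptions; the ACS must also list the ASA as a AAA client for both protocols.

```cisco
! Added example; names, addresses, keys and passwords are placeholders.
! The same ACS host is defined twice, once per protocol, reached via inside.
aaa-server ACS_TACACS protocol tacacs+
aaa-server ACS_TACACS (inside) host 192.0.2.10
 key <tacacs-shared-secret>
!
aaa-server ACS_RADIUS protocol radius
aaa-server ACS_RADIUS (inside) host 192.0.2.10
 key <radius-shared-secret>
!
! Local account used only as a fallback so an ACS outage does not lock
! administrators out of the device.
username admin password <local-admin-password> privilege 15
!
! Management sessions authenticate against TACACS+ first, then fall back
! to the LOCAL database if the server group is unreachable.
aaa authentication ssh console ACS_TACACS LOCAL
aaa authentication telnet console ACS_TACACS LOCAL
aaa authentication http console ACS_TACACS LOCAL
!
! VPN users: the tunnel group (hypothetical name) authenticates against
! the RADIUS group only.
tunnel-group VPN_USERS general-attributes
 authentication-server-group ACS_RADIUS
```

Each server group can be checked from the ASA with `test aaa-server authentication <group> host 192.0.2.10 username <user> password <password>` before locking management access to TACACS+.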
