TACACS+ and RADIUS on ASA

Unanswered Question
Feb 16th, 2010

I am using an ASA 5510 for IPSec and SSL VPN access. I want the VPN users to use RADIUS and use TACACS+ for management via SSH, Telnet or HTTPS. How can I configure that? I tried to get TACACS+ working via the management port but was unsuccessful. Currently, I am using RADIUS (using the inside IP address as the device IP in ACS) but that does not differentiate the users.

I know that this will also require configuration on the ACS boxes, but has anyone else done this successfully and can offer some assistance?

Thx,

Ryan

Federico Coto F... Tue, 02/16/2010 - 15:17

Hi,

The ASA needs to be configured as a AAA client on the ACS.

The ASA needs to be configured to have the ACS as a TACACS+ and a Radius AAA Server.

I've done this configuration successfully in the past.

Look at this document and let me know where you are having problems...

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008080f2d1.shtml

Federico.
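
An ASA-side sketch of the split described in this thread, with TACACS+ for management logins and RADIUS for VPN users. This is an added example, not configuration from the original posts or the linked document. The group names, the tunnel-group name, the 192.0.2.10 server address, the local username and the `<...>` secrets are placeholders, and it assumes the ACS server is reached through the interface named `inside`.

```cisco
! Added example: all names, addresses and secrets below are placeholders.

! One server group per protocol. Both can point at the same ACS host.
aaa-server TACACS-MGMT protocol tacacs+
aaa-server TACACS-MGMT (inside) host 192.0.2.10
 key <tacacs-shared-secret>

aaa-server RADIUS-VPN protocol radius
aaa-server RADIUS-VPN (inside) host 192.0.2.10
 key <radius-shared-secret>

! The interface in parentheses is the one the ASA uses to reach the server,
! so the AAA client entry on ACS must use the ASA address on that interface
! and the matching protocol and shared secret.

! Local account used only when the TACACS+ group does not respond.
username <local-admin> password <local-password> privilege 15

! Management access (SSH, Telnet, ASDM/HTTPS) authenticates against TACACS+,
! falling back to the local database if the server group is unreachable.
aaa authentication ssh console TACACS-MGMT LOCAL
aaa authentication telnet console TACACS-MGMT LOCAL
aaa authentication http console TACACS-MGMT LOCAL

! VPN users authenticate against RADIUS through the tunnel group
! (assumed to exist already under the placeholder name VPN-USERS).
tunnel-group VPN-USERS general-attributes
 authentication-server-group RADIUS-VPN
```

`test aaa-server authentication TACACS-MGMT host 192.0.2.10 username <user> password <password>` checks each group from the ASA before the management or VPN path depends on it.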
