ACS, Tacacs, and VPN

Unanswered Question
Apr 25th, 2003

Hi,


I was hoping someone can help me.

I currently have set up our ACS servers to AAA our routers and switches for different groups of users.

Can I also use the same ACS servers to manage the same people in a different group for our VPN concentrators?

What I mean is, can one user belong to 2 different groups in the same ACS server?


gfullage Sun, 04/27/2003 - 18:24
User Badges:
  • Cisco Employee,

A user can only be in one ACS group. If the routers, switches and VPN concentrators are all listed as NASes in ACS, then theoretically that one user should be able to access all the devices.


Not exactly sure what you mean by "manage the same people in a different group". Can you explain that a bit more?


If you want to have the one userid only get access to the routers/switches and not the VPN conc, then you'll have to use the Network Access Restrictions in that ACS group and add the routers/switches in, that way if that user tries to authenticate to the VPN conc they'll be denied.
