New Member

ASA 5520 + IPSec with Tacacs authentication

Good day

I have an ASA 5520, IOS 8.4(5).

I configured IPSec remote access and authentication with TACACS for a user (rvpn).

TACACS was configured on FreeBSD tac_plus.

The same TACACS server authenticates management access for users (admin and cisco).

Everything works, but I can connect over VPN with all users, which is not good for me.

How can I allow VPN connections for some users and deny them for others?

All users are on the same TACACS server.

Thanks

3 REPLIES
Bronze

Re: ASA 5520 + IPSec with Tacacs authentication

It might be a little bit difficult for TACACS since it has limited info sent by the NAS, and the policy is set on your server, not on the ASA. And the server is not going to know which request is for VPN auth and which is for device auth...

Better to set up another server, or use RADIUS.

Sent from Cisco Technical Support iPad App

Cisco Employee

ASA 5520 + IPSec with Tacacs authentication

I agree with Shaogin. You need to set up a RADIUS server to use the Group-lock feature. If you would like to accomplish the same with the local database, check here

~BR
Jatin Katyal

**Do rate helpful posts**
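
A sketch of the RADIUS plus group-lock approach suggested in the replies above, as an added example that is not part of the original thread. The server-group, group-policy and tunnel-group names, the interface, the server address and the key are placeholders chosen here, and it assumes the RADIUS server returns IETF attribute 25 (Class) set to `OU=RVPN-GP;` only for the users who are allowed to use the VPN.

```cisco
! Constructed example: every name, address and key below is a placeholder.
! RADIUS server group used only for VPN logins; TACACS+ stays in place
! for management access.
aaa-server VPN-RADIUS protocol radius
aaa-server VPN-RADIUS (inside) host 192.0.2.10
 key <shared-secret>
!
! Default policy of the tunnel group: a user for whom RADIUS returns no
! Class attribute lands here and cannot open a session.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Policy that RADIUS assigns (Class = "OU=RVPN-GP;") to permitted users,
! locked to the remote-access tunnel group.
group-policy RVPN-GP internal
group-policy RVPN-GP attributes
 group-lock value RVPN
!
tunnel-group RVPN type remote-access
tunnel-group RVPN general-attributes
 authentication-server-group VPN-RADIUS
 default-group-policy NOACCESS
```

The management accounts can then stay on the TACACS+ server for device login, while VPN access depends on which group policy the RADIUS server returns for each user.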

New Member

ASA 5520 + IPSec with Tacacs authentication

Thank You guys.

I will think about it.
