Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Features comparison between AAA server and VPN 3000 concentrator user auth.


Is it necessary to have AAA server (CSACS) for VPN 3000 concentrator remote access VPN users or the options available in the VPN concentrator are enough to have better authentication ,user netweok access levels , bandwidth assignment for each user,Timebased access and others.

Could you explain in what way AAA server gives scalbility and manageability in terms of AAA functionality.


Re: Features comparison between AAA server and VPN 3000 concentr

I believe there is a limit to the number of users that can be configured locally on the VPN concentrator. The number 100 comes to mind.

I've found that it works best to configure the groups locally on the concentrator, and use the AAA server for user authentication. I've tried configuring the groups on my ACS servers, but keeping up with new attributes introduced with new releases of concentrator code became an issue, and there wasn't really much benefit that I could see.

By using AAA for the user accounts, I'm able to greatly reduce administrative overhead by tying the authentication to our Windows domain. Granting VPN access is now just a simple matter of adding the domain user to the appropriate VPN collection within active directory.

CreatePlease to create content