Is it possible to force AAA uauth queries via attached users behind a router doing L2L with an ASA - where the ACS server is behind the ASA? This would be used to control Internet access for hosts behind the router - using split-tunnel and going out their own ISP for Internet. Sorry if this sounds a bit convoluted.
Yes, this is possible. I am not sure I am really following what you are authenticating, but it is possible to send AAA requests across an L2L. There is a known bug in 8.0 - 8.0(3) which prevents this. Make sure you are running 7.2x code or 8.0(4). In order for this to work, you will need to define your AAA servers, and make sure that they are in your ACL that defines your crypto map, so that the router or ASA knows where to send the request. Reply if you need a config example (and let me know if you need the ASA config or the router IOS config). Attaching your config(s) would be helpful, along with your AAA server information, so that I can just put in what changes need to be made.
This is supposition for now. To clarify, a user behind the router opens a browser to surf the web. He is using the local ISP for Internet (split-tunnel). I want to have the ability to force him to authenticate before being allowed to access the Internet - otherwise anyone behind the router has open access to the Internet.
If you say that's possible - then I can upload configs for your assistance. Thanks.