Cisco Support Community

Router remote access using Cisco ACS configuration

Can anyone help me?

I have set up a test network for practice setting up a remote access
connection between a Cisco VPN client and a Cisco router using a Cisco
Secure ACS (version 3.3) for authentication and authorization instead
of the local database, but I can't get it to work. When I try to connect
using the VPN client I don't even get a username/password prompt. I believe
I have set up the ACS server correctly and have added a user (see attachments),
but I have no idea if there is any further configuration that needs to be
done, as a search of several books and the net has proved fruitless.

Any help on this will be greatly appreciated.


Regards

Melvyn Brown


I tried to use the RADIUS protocol for authentication and authorization
but that did not work either.


Router config


access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255

access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any

ip local pool test-pool 192.168.4.1 192.168.4.254

crypto ipsec transform-set BOSTON esp-3des esp-md5-hmac

crypto isakmp client configuration group London
key cisco
domain cisco.com
pool test-pool
netmask 255.255.255.0
acl 101

aaa new-model

tacacs-server host 192.168.1.10
tacacs-server key secret1

aaa group server tacacs+ TACACS1
server 192.168.1.10

aaa authentication login userauthen group TACACS1
aaa authorization network groupauthor group TACACS1

crypto isakmp enable
crypto isakmp identity address

crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400

crypto dynamic-map dynmap 10
set transform-set BOSTON
reverse-route

crypto map client1 client authentication list userauthen
crypto map client1 isakmp authorization list groupauthor

crypto map client1 client configuration address respond
crypto map client1 20 ipsec-isakmp dynamic dynmap

interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
ip nat outside
crypto map client1
no shut

interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
no shut

route-map nonat permit 10
match ip address 102

ip nat inside source route-map nonat interface FastEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 192.168.2.2
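
A consistency check for configs like the one posted above, as an added example that is not part of the original post and not a Cisco tool: it cross-references the AAA method lists named on the crypto map against their definitions and against locally defined VPN groups, and flags legacy ISAKMP parameters. The names `audit`, `SAMPLE` and `LEGACY` are hypothetical; the sample is an excerpt of the posted config.

```python
import re

# Excerpt of the router config posted above (only the lines the checks read).
SAMPLE = """\
crypto isakmp client configuration group London
aaa authentication login userauthen group TACACS1
aaa authorization network groupauthor group TACACS1
crypto isakmp policy 10
encryption 3des
hash md5
group 2
crypto map client1 client authentication list userauthen
crypto map client1 isakmp authorization list groupauthor
"""

# ISAKMP policy settings treated as legacy by this example (assumption of the checker).
LEGACY = {"encryption des", "encryption 3des", "hash md5", "group 1", "group 2"}

def audit(config):
    """Return a list of findings for an IOS remote-access VPN config (hypothetical helper)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # Collect AAA method lists as {(kind, list_name): [methods]}.
    lists = {}
    for l in lines:
        m = re.match(r"aaa (authentication login|authorization network) (\S+) (.+)", l)
        if m:
            lists[(m.group(1).split()[0], m.group(2))] = m.group(3).split()
    # VPN groups whose policy lives in the router's own configuration.
    local_groups = re.findall(
        r"^\s*crypto isakmp client configuration group (\S+)", config, re.M)
    findings = []
    for l in lines:
        m = re.match(r"crypto map (\S+) (client authentication|isakmp authorization) list (\S+)", l)
        if not m:
            continue
        cmap, ref, name = m.groups()
        kind = "authentication" if ref.startswith("client") else "authorization"
        methods = lists.get((kind, name))
        if methods is None:
            findings.append(f"crypto map {cmap}: {kind} list {name} is not defined")
        elif kind == "authorization" and local_groups and "local" not in methods:
            # A method list without 'local' never consults the locally defined group.
            findings.append(f"group {', '.join(local_groups)} is defined locally, "
                            f"but list {name} has no 'local' method")
    findings += [f"legacy ISAKMP parameter: {l}" for l in lines if l in LEGACY]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
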
