Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Silver

VPNc 3005 version 4.7.2 and ACS 4.1 authentication question

I want to use ACS for managing the VPN

concentrator 3005. Right now I can

https://VPNc_ip_address into the concentrator using accounts I created on

the ACS. I want to configure the vpn3k

to fall back to local authentication if

the ACS become unreachable. Is it

possible?

2nd part of the question is that the

VPNc console does not accept ACS

accounts? It only takes "admin" account.

How do I go about doing the same thing

when logging into the console port of

the VPNc and force it to take AAA account? If AAA server is not available,

it will fall back to "admin" account.

Is it possible?

3 REPLIES
Silver

Re: VPNc 3005 version 4.7.2 and ACS 4.1 authentication question

I am going to modify the 2n part of the question a little bit. Right now the vpnc

console takes botht the AAA accounts and

the "admin" account. I want the vpnc NOT

to use the "admin" when AAA is available.

Only use the "admin" account when AAA becomes

unavailable.

Hall of Fame Super Silver

Re: VPNc 3005 version 4.7.2 and ACS 4.1 authentication question

David

I have looked for a way in the VPN concentrator to authenticate with ACS and to have a fall back to local if ACS was not available. While the implementation of authenticate with ACS and fall back to local when ACS is not available is common in IOS I have not found a way to do it with the VPN concentrator. I do not believe that this capability exists in the VPN concentrator.

HTH

Rick

Silver

Re: VPNc 3005 version 4.7.2 and ACS 4.1 authentication question

Rick,

Basically, I am screwed if the ACS becomes

unavailable.

What about console authentication? currently,

I can log into the VPN3k with both the "admin"

and accounts on the ACS server even when

the ACS is available? Is it another bug in

the vpn3k?

CCIE security

131
Views
0
Helpful
3
Replies