Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
501
Views
0
Helpful
5
Replies

Cisco ACS for Eazy VPN

Anand Narayana
Level 6
Level 6

‎02-11-2007 09:44 PM - edited ‎03-05-2019 02:17 PM

Hi,

can i configure Cisco ACS with Eazy VPN? because currently i have been using eazy vpn, planning if Eazy VPN can be configured with the Cisco ACS, by implementing this, in need not create VPN users on the cisco router, i just wanted the users to be created on cisco ACS & the information should be logged on the cisc ACS, i mean what time the VPN user has logged in & logged out etc..

currently using cisco 1751 router for Eazy VPN

Labels:
0 Helpful
5 Replies 5

Amit Singh
Cisco Employee
Cisco Employee

‎02-11-2007 10:21 PM

Hi Ananad,

You can certainly use Cisco ACS for EasyVPN.It will be configured and works the same way as the IPSEC VPN configuration on Cisco devices. Please see the link below for the configuration example:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800946b7.shtml

HTH,

-amit singh

0 Helpful

Anand Narayana
Level 6
Level 6
In response to Amit Singh

‎02-11-2007 10:35 PM

wow amith,

exactly what i wanted is there in that link which you have sent. thanks a lot, will get back to you once i configure. ofcourse will rate the post too along with my result.

0 Helpful

Anand Narayana
Level 6
Level 6
In response to Anand Narayana

‎02-12-2007 01:26 AM

hi amith,

it worked out, i could able to see the remote IP, which users has logged in, but i could not see what ip address has assigned to the user, also twice i need to enter the user name & password. i mean 1st time when it asks, i need to enter the user name & passwd present on the router & only if that is correct, it will ask me the Cisco ACS password. quite nice. but what ever users are present in that cisco ACS, it is accepting, which i feel not safe, because hardly 10 users will logging for vpn & reset 40 users are created for accessing the LAN switches, in that case how do i avoid the rest 40 users to login vpn,if they come to know the routers user name & password?

0 Helpful

Amit Singh
Cisco Employee
Cisco Employee
In response to Anand Narayana

‎02-12-2007 01:34 AM

Anand,

Please use NAR (Network Access restriction) on CSACS to restrict the user access.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080205a4a.html

Also,Which device has the ip address pools. Is it the ACS server or the VPN device.If its on VPN device, you will will not be able to see it on ACS. You can only check it on the device itself. You can also use Cisco ACS to configure the address pools for the specific user groups.

HTH,Please rate if it does.

-amit singh

0 Helpful

Anand Narayana
Level 6
Level 6
In response to Amit Singh

‎02-12-2007 03:00 AM

Hi Amit,

i have enabled "aaa authentication login userauthen group tacacs+ enable local" instead of radius, but i couldn't see the start & stop long information, i have specified "aaa accounting exe default start-stop group tacacs+" & also aaa accounting exec default start-stop group tacacs+".

sure i will rate the post

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card