02-11-2007 09:44 PM - edited 03-05-2019 02:17 PM
Hi,
Can I configure Cisco ACS with Easy VPN? I am currently using Easy VPN and am planning to use it with Cisco ACS if that is possible. By implementing this, I need not create VPN users on the Cisco router; I just want the users to be created on Cisco ACS, and the information should be logged on the Cisco ACS, I mean what time the VPN user has logged in and logged out, etc.
Currently using a Cisco 1751 router for Easy VPN.
02-11-2007 10:21 PM
Hi Anand,
You can certainly use Cisco ACS for EasyVPN. It will be configured and works the same way as the IPSEC VPN configuration on Cisco devices. Please see the link below for the configuration example:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800946b7.shtml
HTH,
-amit singh
02-11-2007 10:35 PM
Wow Amit,
Exactly what I wanted is there in that link which you have sent. Thanks a lot, will get back to you once I configure. Of course I will rate the post too, along with my result.
02-12-2007 01:26 AM
Hi Amit,
It worked out. I was able to see the remote IP and which users have logged in, but I could not see what IP address has been assigned to the user. Also, I need to enter the user name and password twice. I mean, the first time it asks, I need to enter the user name and password present on the router, and only if that is correct will it ask me for the Cisco ACS password. Quite nice. But it is accepting whatever users are present in that Cisco ACS, which I feel is not safe, because hardly 10 users will be logging in for VPN and the remaining 40 users are created for accessing the LAN switches. In that case, how do I prevent the remaining 40 users from logging in to the VPN if they come to know the router's user name and password?
02-12-2007 01:34 AM
Anand,
Please use NAR (Network Access Restriction) on CSACS to restrict the user access.
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml
Also, which device has the IP address pools? Is it the ACS server or the VPN device? If it's on the VPN device, you will not be able to see it on ACS. You can only check it on the device itself. You can also use Cisco ACS to configure the address pools for the specific user groups.
HTH. Please rate if it does.
-amit singh
02-12-2007 03:00 AM
Hi Amit,
I have enabled "aaa authentication login userauthen group tacacs+ enable local" instead of radius, but I couldn't see the start and stop log information. I have specified "aaa accounting exe default start-stop group tacacs+" and also "aaa accounting exec default start-stop group tacacs+".
Sure, I will rate the post.
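
An added example, not part of the thread or of the linked Cisco document: the AAA lines of an Easy VPN server, showing which lookup each prompt and log record discussed above is bound to. It assumes RADIUS to ACS and an IOS image that supports IPsec VPN accounting; `userauthen` is the list name used in the thread, while `groupauthor`, `vpnacct`, `vpngroup`, `ippool`, `clientmap`, the addresses and the keys are placeholders.

```cisco
! Constructed example: names, addresses and keys are placeholders.
aaa new-model
!
! Second prompt (Xauth, per-user): checked against ACS
aaa authentication login userauthen group radius
! First prompt (group name and key): looked up on the router itself
aaa authorization network groupauthor local
! Start/stop records for VPN sessions are "network" accounting;
! "exec" accounting only covers shell logins to the router
aaa accounting network vpnacct start-stop group radius
!
! Group definition: the address pool is named here, on the VPN device
crypto isakmp client configuration group vpngroup
 key <GROUP-KEY>
 pool ippool
!
ip local pool ippool 192.0.2.100 192.0.2.150
!
! Bind each AAA list to the crypto map that terminates the VPN clients
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client accounting list vpnacct
crypto map clientmap client configuration address respond
!
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key <RADIUS-KEY>
```

Because every account in ACS can pass the Xauth step, the ACS-side restriction (NAR on the group holding the switch-only accounts) is what keeps those users off the VPN; nothing in the router lines above limits them.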