New Member

AAA Radius Authentication for Remote VPN With ACS Server Across L2L VPN

Hi,

I have an ASA running fine on the network which provides an L2L tunnel to a remote site and provides remote VPN for remote access users.

Currently, there is a need for the users to authenticate against an ACS server that is located across the L2L VPN tunnel.

The topology is simple, with 2 interfaces on the ASA, inside and outside, and a default route pointing to the ISP IP address.

I can ping the IP address of the ACS server (which is located at the remote site, IP addr: 10.10.10.56) from the ASA:

ping inside 10.10.10.56

However, when I configure the ASA for the AAA group with the commands:

aaa-server ACSAuth protocol radius

aaa-server ACSAuth host (inside) 10.10.10.56 key AcsSecret123

Then when I do the show run, here is the result:

aaa-server ACSAuth protocol radius

aaa-server host 10.10.10.56

key AcsSecret123

What I think is that, with this running config, traffic is not directed to the L2L VPN tunnel (it seems to be directed to the default gateway due to the default route information), which causes the AAA authentication to fail.

Has anybody ever implemented such a thing, and is it possible? If yes, what should the config be?

Your help will be really appreciated!

Thanks.

Best Regards,

Jo

2 REPLIES
Bronze

Re: AAA Radius Authentication for Remote VPN With ACS Server Acr

AAA is designed to enable you to dynamically configure the type of authentication and authorization you want on a per-line (per-user) or per-service (for example, IP, IPX, or VPDN) basis. You define the type of authentication and authorization you want by creating method lists, then applying those method lists to specific services or interfaces.

http://www.cisco.com/en/US/docs/ios/12_4/secure/configuration/guide/schaaa.html

Green

Re: AAA Radius Authentication for Remote VPN With ACS Server Acr

Amazing that a bot has a bronze star!
