Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

bma
New Member

Cisco ACS 2.6

Hi

I just install Cisco ACS 2.6 and want to work with Cisco concentrator 3015. I am new for ACS 2.6. I am using internal group for vpn user in the 3015 now.

Can I setup external group with ACS 2.6 for new group, still keep no change for internal group? I try setup a external group, but not working, but from System, Auth Server, do test, I can ping Acs 2.6, but from vpngroup auth server, test, I cannot ping ACS 2.6. I still am reading documents. Could give me some instruction to explain ACS 2.6 how to worki with Concentrator with

ACS 2.6 user database and NT user database?

thanks

ben

2 REPLIES
Bronze

Re: Cisco ACS 2.6

Hi,

You can achieve (NT/W2K domain via ACS2.6) authentication by making an Internal (group type) on the concentrator, and configuring ACS 2.6 to authenticate against NT DB, this way you can also restrict users to a certain group existing on NT database.

point to :

http://www.cisco.com/warp/public/707/CiscoSecure.html

Thanks,

Afaq

bma
New Member

Re: Cisco ACS 2.6

Thanks Afaq. External group can work with ACS now, but some function still not working.

1) On the ACS, has Attributes 27 "CVPN3000-IPSec-Split-Tunnel-List", How to config for this attributes and let's vpn group can do split traffic?

2). On the Password Aging Rules in the ACS, When I

am enable Apply age-by-uses rules, like:

Issue warning after logins 2

Require change after logins 5

After vpn login two times, vpn clinet cannot make connection, after disable

Apply age-by-user rules, connection is ok. do you think with ACS,

we can do password change for ACS users or for microsoft NT users?

Thanks

ben

188
Views
0
Helpful
2
Replies
CreatePlease login to create content