Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1526
Views
5
Helpful
1
Replies

Do you need a Radius or TACAS+ server to authenticate VPN Clients ?

l.kellett
Level 1
Level 1

‎01-10-2003 02:13 AM - edited ‎02-21-2020 10:05 AM

Can you authenticate VPN clients on a router where the VPN is terminated, or do you need a TACAS+ or Radius server for authentication?

Labels:
0 Helpful
1 Reply 1

mclach
Level 1
Level 1

‎01-10-2003 03:09 AM

Hi Lee,

That is a good question.

If you are referring to User Authentication for the VPN Client you can rely upon the Locally configured usernames on the Router. Most customer prefers to have the flexibilty of using Xauth (extended authentication) i.e. using a Radius or TACACS to authenticate the users to.

Here is a good sample configuration that will explain how to configure

xauth on a router:

http://www.cisco.com/warp/public/707/ios_usr_rad.html

please note that if u do want to use local authentication rather then an external server then you need to make sure that your authentication point locally.

For Example:

username cisco password 0 cisco

aaa authentication login userauthen local

crypto map clientmap client authentication list userauthen

R/Catherine

Customers Also Viewed These Support Documents