Cisco Support Community
Community Member

VPN auth with Secure ACS

I am having problems configuring my firewall to use the Secure ACS to authenticate remote users who VPN into the firewall. There isn't much documentation on the commands you need to enter in the firewall, and a lot of the ones I have found don't work on the PIX. I want to authenticate all users that are inbound into our network using our NT database. Any help with PIX commands would be appreciated. Thanks.

Community Member

Re: VPN auth with Secure ACS

crypto map partner-map client authentication TACACS+

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ (inside) host (Secure ACS IP Address) PIX (Name you gave IN Secure ACS) timeout 10

aaa-server RADIUS protocol radius

aaa-server VPN protocol tacacs+

You also need to give "Dial in permissions" to each user in their NT User Account (if you checked that in Secure ACS). This is a good idea because you can control who has access through the VPN.

Community Member

Re: VPN auth with Secure ACS

Thanks, that worked. Can you do any kind of accounting on these connections with ACS? It is authenticating, but there is nothing being logged. Thanks.
