New Member

VPN Authentication and ACS

All,

I have my VPN working but I don't want everyone to log in using a common group name and password. Can I use my ACS box for authentication for incoming VPN connections?

2 REPLIES
Silver

Re: VPN Authentication and ACS

There are a number of authentication options and ACS supports two of them in TACACS+ and RADIUS. Look at the configuration guide for your VPN endpoint.

New Member

Re: VPN Authentication and ACS

Depending on your version you can hand off user authentication to RADIUS, TACACS, RSA, AD or Kerberos.

Here is an example on 6.3(x)

Create aaa server:

aaa-server partner-auth protocol radius

aaa-server partner-auth max-failed-attempts 3

aaa-server partner-auth deadtime 10

aaa-server partner-auth (RSA) host a.b.c.d sharedsecret timeout 20

Reference aaa server in crypto map:

crypto dynamic-map dynmap 10 set transform-set vpnset

crypto map vpnmap 20 ipsec-isakmp dynamic dynmap

crypto map vpnmap client token authentication partner-auth

crypto map vpnmap interface outside
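
A way to check a saved configuration for the situation raised in the question, added here as an example and not part of either reply: the script flags interface-bound crypto maps that accept dynamic peers but have no `client authentication` line, or that point at an aaa-server group with no definition or host. The function name `audit_xauth`, the `oldmap` entries in the sample, and the heuristic that a map with a dynamic entry serves remote-access clients are assumptions.

```python
import re

# Constructed sample: the reply's configuration plus a second crypto map
# ("oldmap", hypothetical) that still relies on the shared group password only.
SAMPLE_CONFIG = """\
aaa-server partner-auth protocol radius
aaa-server partner-auth max-failed-attempts 3
aaa-server partner-auth deadtime 10
aaa-server partner-auth (RSA) host a.b.c.d sharedsecret timeout 20
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map vpnmap 20 ipsec-isakmp dynamic dynmap
crypto map vpnmap client token authentication partner-auth
crypto map vpnmap interface outside
crypto map oldmap 20 ipsec-isakmp dynamic dynmap
crypto map oldmap interface dmz
"""

def audit_xauth(config):
    """Return a sorted list of (crypto_map, finding) tuples."""
    groups, hosts, auth, bound, dynamic = {}, set(), {}, set(), set()
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"aaa-server (\S+) protocol (\S+)", line):
            groups[m.group(1)] = m.group(2)      # group name -> protocol
        elif m := re.match(r"aaa-server (\S+) \(\S+\) host \S+", line):
            hosts.add(m.group(1))                # group has at least one server
        elif m := re.match(r"crypto map (\S+) client (?:token )?authentication (\S+)", line):
            auth[m.group(1)] = m.group(2)        # map -> aaa-server group
        elif m := re.match(r"crypto map (\S+) interface \S+", line):
            bound.add(m.group(1))                # map is applied to an interface
        elif m := re.match(r"crypto map (\S+) \d+ ipsec-isakmp dynamic \S+", line):
            dynamic.add(m.group(1))              # map accepts dynamic peers
    findings = []
    for cmap in bound & dynamic:  # assumed to be the maps serving VPN clients
        group = auth.get(cmap)
        if group is None:
            findings.append((cmap, "no per-user authentication configured"))
        elif group not in groups:
            findings.append((cmap, f"aaa-server group '{group}' is not defined"))
        elif group not in hosts:
            findings.append((cmap, f"aaa-server group '{group}' has no host"))
    return sorted(findings)

if __name__ == "__main__":
    for cmap, finding in audit_xauth(SAMPLE_CONFIG):
        print(f"{cmap}: {finding}")
```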
