Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
294
Views
0
Helpful
1
Replies

VPN Concentrator 3080

a.kiprawih
Level 7
Level 7

‎07-15-2002 08:49 PM - edited ‎02-21-2020 11:56 AM

1. One of the default user in VPN 3080 is 'config'. If this user is given the following access rights, it still couldn't to access 'File Management' area, with message "You do not have sufficient authorization to access the specified page."

Authentication="View Config"

General="View Config"

SNMP="View Config"

Files="List Files" or "Read Files" or "Read/Write Files" access.

* user authen. based on local profile in VPN box.

No external authentication server is in used.

2. If access to VPN box is authenticated by TACACS+, can I used local admin ID to access my VPN unit in case the TACACS+ server is down, which is similar to router or pix?

3. When TACACS+ is in used, access to the VPN Concentrator manager using the same admin ID is not allow for simultaneous access at the same time.However, when local database (default VPN DBase) is being used, it allows multiple access/login to the same box, at the same time, using the same ID. What is the difference (and inconsistency) between TACACS+ and local VPN database, as TACACS+ is more secure to be used.

4. VPN 3080 Concentrator exports the log file to an FTP server when the buffer is full. Is it possible to periodically export the log file with the following options:

(a) Daily - export & generate a new log file at 12:01 am local time every day.

(b) Weekly - export & generate a new log file at 12:01 am local time every

Sunday.

(c) Monthly - export & generate a new log file at 12:01 am on the first day of

every month.

Thank you.

Labels:
0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎07-15-2002 10:23 PM

1. Only the user marked as Administrator can actually get into the whole Administration section, and you cna only have one user configured as the Administrator. Once the admin can get into that section, you can then give them only certain rights to files, etc. And yes, that is pretty useless because they can then just go in and change those rights because they're the administrator.

2. No. If the TACACS server is down, the only access is via the console port. You can add backup TACACS servers into the list, but if the concentrator reaches the bottom of the list, it denies the access.

3. What error do you get in the log on the concentrator? Have you verified that you don't have a limit of one login set on the TACACS server?

4. No, no and no.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents