Cisco Support Community
Community Member

VPN3000 and TACACS Admin Access

I am considering using my ACS (TACACS) to authenticate administration users on a new VPN 3000 concentrator. My concern is that there does not appear to be a fallback authentication method such as in the routers. Does anyone know if there is indeed a fallback authentication?

Also, can I configure TACACS users that correspond to any other account than the 'admin' account? I would like to be able to have read-only accounts use TACACS as well.

3 REPLIES
Community Member

Re: VPN3000 and TACACS Admin Access

We use TACACS for the admin on the 3000 and there is no fallback. You need to make sure you have multiple ACS servers available and defined. There is very little flexibility in how you do it with the 3000. We also have some issues using it with SecurID; however, it seems to be fine if you don't need that.

Community Member

Re: VPN3000 and TACACS Admin Access

Thanks for the information. Hopefully Cisco will improve upon this in the near future.

Community Member

Re: VPN3000 and TACACS Admin Access

I have configured the 3000 to use TACACS for admin but am presently unable to log in to the concentrator. One thing I failed to do was set the privilege level for the admin user. I can see in the log that connectivity was established with the ACS but my password is being refused with no error. Any ideas? Thx.
