I am considering using my ACS (TACACS) to authenticate administration users on a new VPN 3000 concentrator. My concern is that there does not appear to be a fallback authentication method such as in the routers. Does anyone know if there is indeed a fallback authentication?
Also, can I configure TACACS users that correspond to any other account than the 'admin' account? I would like to be able to have read-only accounts use TACACS as well.
We use TACACS for the admin on the 3000 and there is no fallback. You need to make sure you have multiple ACS servers available and defined. There is very little flexibility in how you do it with the 3000. We also have some issues using it with SecurID; however, it seems to be fine if you don't need that.
I have configured the 3000 to use TACACS for admin but am presently unable to log in to the concentrator. One thing I failed to do was set the privilege level for the admin user. I can see in the log that connectivity was established with the ACS, but my password is being refused with no error. Any ideas? Thx.