Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN client authentication

How do I setup a local database on the PIX 515 to allow VPN user access. I am running 7.1(2).4

Also, I've seen a lot of reference to ACS. Is this the best way for users to authenticate when connecting with a Cisco VPN client?


Cisco Employee

Re: VPN client authentication

username bosch password bosch321 privilege 2

In the tunnel group section for the VPN clients, make sure you have authentication set to LOCAL.

If you have an ACS server, you can just point the ASA to the ACS server. All the user level settings can be done on the ACS.

Its purely a choice of network security and company policy. I would use an ACS server to set up user accounts, rather than using the ASA.



New Member

Re: VPN client authentication

Thanks Gilbert.

Is there any documentation on how to setup a ACS server and get it working with VPN clients?

Does this tie in with Active Directory?



Cisco Employee

Re: VPN client authentication

Quick Commands needs for ASA to setup ACS server authentication:

A. Setting up ACS server

aaa-server SNOW protocol radius

aaa-server SNOW (inside) host

key cisco123

B. Setting up the Tunnel-group for ACS server authentication

tunnel-group ipsec-attributes

authentication-server-group SNOW

The ACS will be able to talk with Active Directory if users are configured on the AD and proper setup on the ACS is done inorder to query AD for user authentication request.

Sorry, I am no expert in AD. :(

Rate it, if this helps.

New Member

Re: VPN client authentication

How do I setup the ACS server. Just download it from this site and install it?

Is there any guides available to install. Does it just need to be on a Windows server or on a domain controller.


CreatePlease login to create content