7 Replies. Latest reply: Dec 22, 2009 7:28 AM by Oscar

    Remote Access VPN with AAA

    greensheep

      Hi,

      I found a problem when using remote access VPN with AAA authorization by a TACACS server, but authentication with TACACS is OK.

      The RA VPN runs normally with the following settings, authenticating by TACACS but authorizing by the local database.

      There is an identical copy of the username and password on local and ACS.

      ......

      aaa authentication login userlist group tacacs+ local

      aaa authorization network grouplist local

       

      crypto map EZVPN client authentication list userlist

      crypto map EZVPN isakmp authorization list grouplist

      ......

       

      But if I change the authorization method to TACACS (aaa authorization network grouplist group tacacs+ local), the VPN client cannot establish with the remote peer.

      Is there any setting that should be done on ACS in order to authorize with the ACS server?

      Thanks