7 Replies. Latest reply: Dec 22, 2009 7:28 AM by Oscar

    Remote Access VPN with AAA




      I found a problem when using remote access VPN with AAA authorization by a TACACS server, but authentication with TACACS is OK.

      The RA VPN runs normally with the following settings, authenticating by TACACS but authorizing by the local database.

      There is an identical copy of the username and password on local and ACS.



      aaa authentication login userlist group tacacs+ local

      aaa authorization network grouplist local


      crypto map EZVPN client authentication list userlist

      crypto map EZVPN isakmp authorization list grouplist



      But if I change the authorization method to TACACS (aaa authorization network grouplist group tacacs+ local), the VPN client cannot establish a connection with the remote peer.


      Is there any setting that should be done on ACS in order to authorize with the ACS server?