Can an IPsec Tunnel Between IOS Router and Cisco VPN Client 4.x be configured to use TACACS?


I have a dynamic IPsec tunnel configured to use local users. I would like to be able to set this up for TACACS using RSA.

I don't have much experience configuring TACACS, or know if this is even supported.

Config below:


username test privilege 15 secret test

crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2

crypto isakmp policy 10
 authentication pre-share

crypto isakmp keepalive 30 5
crypto isakmp nat keepalive 30

crypto isakmp client configuration group TEST
 key TEST
 pool User_POOL
 acl splitTunnel-TEST

crypto isakmp profile TEST-vpn-ra
   match identity group TEST
   client authentication list local-user   <- Change to TACACS
   isakmp authorization list local-user    <- ???????
   client configuration address respond
   virtual-template 1

crypto ipsec transform-set aes-sha esp-aes esp-sha-hmac
 mode tunnel

crypto ipsec profile TEST-vpn-ra
 set transform-set aes-sha

interface Virtual-Template1 type tunnel
 ip unnumbered [int hosting the 10.96.x.x network]
 ip access-group TEST_vpnclient_in in
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile TEST-vpn-ra

ip local pool User_POOL

ip access-list extended splitTunnel-TEST
 permit ip [10.96.x.x network]

ip access-list extended TEST_vpnclient_in
 permit ip [10.96.x.x network]




