Can an IPsec Tunnel Between an IOS Router and Cisco VPN Client 4.x be configured to use TACACS?

Folks

I have a dynamic IPsec tunnel configured to use local users. I would like to be able to set this up for TACACS using RSA.

I don't have much experience configuring TACACS, and I don't know if this is even supported?

config below:

-------------------------------------------------
username test privilege 15 secret test
!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp keepalive 30 5
crypto isakmp nat keepalive 30
!
crypto isakmp client configuration group TEST
 key TEST
 pool User_POOL
 acl splitTunnel-TEST
!
crypto isakmp profile TEST-vpn-ra
   match identity group TEST
   client authentication list local-user   <- Change to TACACS
   isakmp authorization list local-user   <------- ???????
   client configuration address respond
   virtual-template 1
!
crypto ipsec transform-set aes-sha esp-aes esp-sha-hmac
 mode tunnel
!
crypto ipsec profile TEST-vpn-ra
 set transform-set aes-sha
!
interface Virtual-Template1 type tunnel
 ip unnumbered [int hosting the 10.96.x.x network]
 ip access-group TEST_vpnclient_in in
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile TEST-vpn-ra
!
ip local pool User_POOL 192.168.100.1 192.168.100.10
!
ip access-list extended splitTunnel-TEST
 permit ip [10.96.x.x network] 0.0.0.255 192.168.100.0 0.0.0.255
ip access-list extended TEST_vpnclient_in
 permit ip 192.168.100.0 0.0.0.255 [10.96.x.x network] 0.0.0.255
exit
!
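An added example, not part of the original post and not the poster's configuration: one way the XAUTH user check in the ISAKMP profile above can be pointed at a TACACS+ server while the group lookup stays local. The method-list name VPN-XAUTH, the server address 192.0.2.10 and the shared-secret placeholder are assumptions, as is the definition of the existing local-user list; the RSA token check is assumed to happen on the TACACS+ server, so nothing on the router refers to it.

```cisco
! Added example. VPN-XAUTH, 192.0.2.10 and the key placeholder are assumptions.
aaa new-model
!
! TACACS+ server the router sends XAUTH credentials to
tacacs-server host 192.0.2.10 key <TACACS-SHARED-SECRET>
!
! XAUTH user login: ask TACACS+ first; the local user database is consulted
! only when the server returns an error (for example, it is unreachable),
! not when it rejects the credentials
aaa authentication login VPN-XAUTH group tacacs+ local
!
! Group policy lookup stays local because group TEST (key, pool, split-tunnel
! ACL) is defined on the router itself
aaa authorization network local-user local
!
crypto isakmp profile TEST-vpn-ra
   match identity group TEST
   ! Only this line changes: user authentication now uses the TACACS+ list
   client authentication list VPN-XAUTH
   ! Unchanged: group authorization against the local group definition
   isakmp authorization list local-user
   client configuration address respond
   virtual-template 1
!
```

With the `local` fallback in place, any local account that remains on the router (such as the privilege 15 user in the posted config) is still a valid VPN login whenever the TACACS+ server cannot be reached, so those accounts need strong secrets or removal.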

 
