[c-nsp] Cisco VPN 3000 Concentrators login failback if TACACS is unreachable

gscisco@xs4all.nl Cisco gscisco at gmail.com
Thu Jul 20 16:24:52 EDT 2006


Hi,

I'm thinking of configuring administration authentication on our VPN
concentrators through TACACS and have therefore recently been playing with a
3005 to see if it would work for us. However, I noticed that when the TACACS
server is for whatever reason unreachable (network outage, TACACS server
problems, etc.) I cannot get into the box other than via console. Both telnet
and HTTP access block me from using the locally stored passwords.

From what I read in Cisco's guide to configuring TACACS on VPN Concentrators,
enabling TACACS will automatically disable locally stored passwords.
Now this wouldn't be so bad if you were sitting next to the box to
console into it, but I will only be able to reach these boxes remotely.

Is there any way to override this behavior? Or perhaps I'm overlooking some
options. I don't want to run the risk of losing access to the boxes if
something happens anywhere in the chain to the TACACS server.

Thanks in advance,

Vincent

