Introduction
VPN
The ACS administrator can set up VPN connections to establish encrypted
communications between the ACS and a host on a remote network. The
encryption creates a secure tunnel for dedicated communications.
You can use the VPN features on ACS to create the following types of
connections:
• A secure tunnel between ACS and a gateway at a remote location so every
machine on the subnet at the remote location has a secure connection with
ACS.
• A secure tunnel between ACS and a single remote host.
To set up a security gateway, you can install IPSec on any machine that does
networking over IP, including routers, firewall machines, application servers,
and end-user machines.
The ESP and AH authentication protocols are supported. RSA Public Keys
and Shared Secret are also supported.
For detailed information and procedures to configure a VPN connection, see
“VPN Connections” on page 183.
Packet Filtering on ACS
The ACS administrator can configure the ACS to filter packets like a firewall.
IP filtering is controlled by chains and rules.
Structure of IP Filtering
The Firewall Configuration form in the Web Manager is structured on two
levels:
Authentication Type    Definition
TACACS+/Local          TACACS+ authentication is tried first, switching to Local if unsuccessful.
TACACS+DownLocal       Local authentication is tried only when the TACACS+ server is down.
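Added example (not from the ACS manual or the ACS software): a small model of the two fallback modes defined above, showing which local passwords remain usable while the TACACS+ server is up. The user tables, function names and the reading of "unsuccessful" as covering both a rejected login and an unreachable server are assumptions made for illustration.

```python
# Added illustration: models the two fallback modes from the table above.
# The backends are constructed stand-ins, not ACS or TACACS+ client code.
from enum import Enum

class Tacacs(Enum):
    ACCEPT = "accept"
    REJECT = "reject"            # server answered and refused the login
    UNREACHABLE = "unreachable"  # server is down or timed out

# Constructed sample data: bob was removed centrally but still has a local entry.
TACACS_USERS = {"alice": "s3rver-pw"}
LOCAL_USERS = {"alice": "local-pw", "bob": "old-local-pw"}

def tacacs_auth(user, password, server_up=True):
    if not server_up:
        return Tacacs.UNREACHABLE
    ok = TACACS_USERS.get(user) == password
    return Tacacs.ACCEPT if ok else Tacacs.REJECT

def local_auth(user, password):
    return user in LOCAL_USERS and LOCAL_USERS[user] == password

def authenticate(mode, user, password, server_up=True):
    """Return (granted, source) for 'TACACS+/Local' or 'TACACS+DownLocal'."""
    result = tacacs_auth(user, password, server_up)
    if result is Tacacs.ACCEPT:
        return True, "tacacs+"
    if mode == "TACACS+/Local":
        # Any unsuccessful TACACS+ attempt falls through to Local.
        # Assumption: "unsuccessful" covers a reject and a dead server alike.
        try_local = True
    elif mode == "TACACS+DownLocal":
        # Local is consulted only when the server did not answer.
        try_local = result is Tacacs.UNREACHABLE
    else:
        raise ValueError(f"unknown mode: {mode}")
    if try_local and local_auth(user, password):
        return True, "local"
    return False, None

def local_logins_while_server_up(mode):
    """Users whose local password is accepted even though TACACS+ is reachable."""
    return sorted(u for u, pw in LOCAL_USERS.items()
                  if authenticate(mode, u, pw, server_up=True) == (True, "local"))
```

In this model every local password stays valid at all times under TACACS+/Local, so local accounts need the same lifecycle control as the central ones; under TACACS+DownLocal they matter only during a server outage.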