Nevermind, probably ought to read the solution a bit closer.
Terry Little (425) 894-4109 (m) (425) 468-1057 (o) From: [email protected] [mailto:[email protected]] On Behalf Of Terry Little (terlittl) Sent: Saturday, April 03, 2010 9:41 AM To: CCIE Sec Subject: [OSL | CCIE_Security] ASA tunnel-group: Authentication vsAuthorization In Lab 4 part 2 sec 4.10 and 4.11. They are both remote access vpn configs, first with no CA then with a CA. Both with ACS for user authentication. Question.... In 4.10 the solution requires the tunnel group to define an Authentication server group and in 4.11 there is only the authorization server group, with authorization required. I understand the difference between Authentication and Authorization generally. What I don't see is why with the CA there is no Authentication and with out the CA there is no Authorization. How do these map into the remote access vpn process? Terry Little [email protected] Phone: +1 425 468 1057 Mobile: +1 425 894 4109 Cisco Systems, Inc. Network Consulting Engineer World Wide Security Services Practice Cisco.com - http://www.cisco.com This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/index.html
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
