Yes, this is how it is designed. The Router sends the "vpn-group/cisco" as username/password to the ACS server. The actual vpn-group-password is then validated against "tunnel-pre-shared-key " attribute in the profile. This method is to be used only with IOS/RADIUS.
With the ASA, the ACS profile will have the actual "vpn-group/vpn-group-password" as username/password. Why was it designed this way ? No idea :-) If anybody knows why, please share.. Regards, Karthik
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
