<div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d"><br>
</div>you can ignore the suggestions or try them. try this or see/try svc_auth<br>
and attr_value_pair in tac_plus.conf.<br>
<div><div></div></div></blockquote><div><br>Yes, thanks for that helpful piece of advice. I have in fact tried the suggestions, and they're ineffective.<br><br>After spending some time working backwards through the tac_plus source code, I have now worked out that the problem is that the PIX is sending only an authentication request when a VPN user connections - that is to say, it doesn't send an *authorization* request. <br>
<br>As a result, the after authorization clause in tac_plus.conf has no effect, because authorization is never performed.<br><br>I'm now going to try using a radius server, since others have had more success with it.<br>
<br><br></div></div>