How to separate the user authentication on PIX? (PIX login and VPN auth)

Unanswered Question
Oct 15th, 2007

I have a PIX and a Secure ACS. Users connect to the network with VPN on the PIX. They authenticate with ACS. Also, when we telnet or ssh to the PIX, they also authenticate with ACS. How to separate them? I'm using the Windows database.

thx

Premdeep Banga Mon, 10/15/2007 - 03:53

Map normal users to a separate group on ACS, and admin users to another.

And on Normal group, apply NAR (IP-based NAR) to restrict access to all the network devices.

i.e., All AAA Clients, *, *

And do not apply anything on Admin group.

Regards,

Prem

t4tauseef33 Wed, 10/31/2007 - 03:18

Hi,

I have the same problem. I have done this, but it is strange: ACS users adopt the policy, but all the Windows/domain users are able to log in. How can I restrict the default group users (domain users only) to not log in to/access the network devices?

somishra Wed, 10/31/2007 - 03:28

Hi,

In ACS under External User Database -- Database Group Mappings -- Windows Database -- Default -- Edit group mapping for Domain : \DEFAULT -- All other combinations -- Select the CiscoSecure Group as No Access -- Submit

tnx,

somishra
