12-13-2007 10:41 AM - edited 02-21-2020 03:26 PM
I have a Cisco router with a fairly simple dialin VPDN setup with usernames set up in the router config itself (no external RADIUS server) so MS-Windows people can use the OS-built-in VPN client to connect up and access servers on my LAN.
Is there any way to restrict (via ACL or other) a connection when a specific username connects?
e.g. if someone connects with username "thomas", I want to restrict their access to one specific server IP on my LAN.
Can this be done?
12-14-2007 01:04 AM
Hi Thomas
The answer is simply NO. But there are alternative ways.
Cisco devices do not process ACLs on users. You have to purchase CS ACS and integrate with your device.
http://www.cisco.com/en/US/products/sw/secursw/ps2086/index.html
Another option is installing RADIUS on a Windows server, manually setting the IP address of the user in the Dial-in tab of the user properties in Active Directory, then applying ACLs on this IP, or you can assign a name for this IP etc.
Or you can create a tunnel-group per user and assign IP pools that contain only 1 IP, name this IP and write ACLs, if you don't have too many users connecting via VPDN.
Regards
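The following is an added IOS configuration example illustrating the "one fixed IP per user, then an ACL on that IP" approach from the answer above; it is not from the original thread and not Cisco-supplied. It assumes the router already has a working PPTP VPDN setup with a Virtual-Template interface and local usernames. The user IP (10.1.1.200), the LAN server (192.168.1.10), the pool (10.1.1.0/24), the ACL name VPN-USERS-IN and the attribute list name THOMAS-ATTRS are all constructed for the example. Instead of having RADIUS return Framed-IP-Address, it pins the address locally with an `aaa attribute list`, which is only available on IOS releases that support per-user attributes in the local database (assumed here; on older code use the RADIUS method from the answer and keep the ACL part unchanged).

```cisco
! --- Local AAA: authenticate and authorize PPP users from the router's own database ---
aaa new-model
aaa authentication ppp default local
aaa authorization network default local
!
! --- Pin a fixed address to the user "thomas" (assumption: IOS supports local per-user attributes) ---
aaa attribute list THOMAS-ATTRS
 attribute type addr 10.1.1.200 service ppp protocol ip
!
username thomas password 0 ChangeMe123
username thomas aaa attribute list THOMAS-ATTRS
!
! --- Everyone else still draws from the normal pool; 10.1.1.200 is excluded from it ---
ip local pool VPN-POOL 10.1.1.100 10.1.1.199
!
! --- Restrict thomas to one server; other VPN users keep full access.
!     Order matters: the per-user lines must precede the general permit,
!     and the explicit deny is logged so unexpected attempts show up in syslog. ---
ip access-list extended VPN-USERS-IN
 permit ip host 10.1.1.200 host 192.168.1.10
 deny   ip host 10.1.1.200 any log
 permit ip 10.1.1.0 0.0.0.255 any
!
! --- Apply inbound on the template so every cloned Virtual-Access interface inherits it ---
interface Virtual-Template1
 ip unnumbered GigabitEthernet0/0
 peer default ip address pool VPN-POOL
 ppp authentication ms-chap-v2
 ip access-group VPN-USERS-IN in
```

Two checks worth doing after applying this: confirm with `show ip local pool` and `show users` that thomas actually comes up as 10.1.1.200 (if he lands in the general pool, the attribute list was not applied and the ACL gives him full access), and confirm the ACL is present on the cloned interface with `show ip interface Virtual-Access1`, since an ACL added to the template only takes effect on sessions established after the change. The security of this scheme rests entirely on the address binding: without a per-user fixed address (from local attributes or RADIUS), a source-IP ACL cannot tell users apart.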