Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
245
Views
0
Helpful
1
Replies

dialin VPN - any way to restrict specific users?

Go to solution
thomasdzubin
Level 1
Level 1

‎12-13-2007 10:41 AM - edited ‎02-21-2020 03:26 PM

I have a Cisco router with a fairly simple dialin VPDN setup with usernames set up in the router config itself (no external RADIUS server) so MS-Windows people can use the OS-built-in VPN client to connect up and access servers on my LAN.

Is there any way to restrict (via ACL or other) a connection when a specific username connects?

eg: If someone connects with username "thomas", I want to restrict their access to one specific server IP on my LAN

Can this be done?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
husycisco
Level 7
Level 7

‎12-14-2007 01:04 AM

Hi Thomas

The answer is simply NO. But there are alternative ways.

Cisco devices do not process ACLs on users. You have to purchase CS ACS and integrate with your device.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/index.html

Another option is, installing RADIUS on winows server, manually setting IP address of user in Dial-in tab of user properties in Active Directory, then applying ACLs on this ip, or you can assign a name for this ip etc

Or you can create tunnel-group per user and assign IP pools that contains only 1 IP, name this IP and write ACLs, if you dont have too many users connecting via VPDN.

Regards

View solution in original post

0 Helpful
1 Reply 1

Go to solution
husycisco
Level 7
Level 7

‎12-14-2007 01:04 AM

Hi Thomas

The answer is simply NO. But there are alternative ways.

Cisco devices do not process ACLs on users. You have to purchase CS ACS and integrate with your device.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/index.html

Another option is, installing RADIUS on winows server, manually setting IP address of user in Dial-in tab of user properties in Active Directory, then applying ACLs on this ip, or you can assign a name for this ip etc

Or you can create tunnel-group per user and assign IP pools that contains only 1 IP, name this IP and write ACLs, if you dont have too many users connecting via VPDN.

Regards

0 Helpful
Customers Also Viewed These Support Documents