We have set up SSLVPN on a Cisco 3800 to host VPN for IP Communicator (VOIP). IOS = IOS AdvanceSecurity 12.4-15(T) and Cisco Secure ACS v3.0.
We have trialed an authentication method using our existing TACACS+ server to host the AAA for the SSLVPN, but the problem is that the same user account can log in to our routers using the same TACACS+.
Is there a way to permit SSLVPN auth for VOIP use and deny access to our routers using the same AAA server?
As your TACACS+ is ACS, you can make use of NAR (Network Access Restriction).
Users will be prompted for username/password if the device is configured for the same, but they won't be able to telnet/ssh into the network device. But they should be able to do VPN.
Please go through what attributes are evaluated for a NAR to be applied,
Please rate if it helps!