Advice on TACACS+

Sep 23rd, 2008

Hi there


I am trying to implement the following scenario and would like to know the best solution for me.


We have 2 groups of remote VPN users, 1) Support and 2) Operations, both using the Cisco VPN client to log in remotely to our site.


1) When members of the Support group VPN in, I want our Cisco ASA to give them an IP range from Pool A of IP addresses, and I want them to be authenticated using TACACS. After successful authentication they are redirected to, or only have access to, Server A.

2) When members of the Operations group VPN in, I want our Cisco ASA to give them an IP range from Pool B of IP addresses, and I want them to be authenticated using TACACS. After successful authentication they are redirected to Server A AND have full access to Servers B, C, D, etc.


Is this possible? And if so, how?


Regards


Collin Clark Wed, 09/24/2008 - 08:06

Yes, that's possible. Restriction to devices is done on the VPN device itself, not through AAA. Create two different VPN groups, one for Support and one for Operations; each can authenticate to AAA.


Hope that helps.
