I have defined on a router 2 usernames: admin and vpn.
I want the user admin to be the only one accepted by the router to log in for administrative purposes, whereas the vpn user must be the only one accepted for VPN remote access to the local LAN.
The authentication and the authorization have to be performed using ONLY the local database configured on the router.
So far I have defined this:
aaa authentication login default local
aaa authorization exec default local
aaa authorization network vpn-group local
username admin privilege 15
username vpn privilege 1
crypto isakmp profile Ike-1
 match identity group remote
 client authentication list vpn-group
 isakmp authorization list vpn-group
I have seen, however, that the user vpn is allowed to log in to the router and also the admin is allowed to establish a VPN tunnel if successfully authenticated.
Can anybody enlighten me?
Thank you in advance