12-06-2008 07:24 AM - edited 03-10-2019 04:13 PM
Hi
I have defined on a router 2 usernames: admin and vpn.
I want the user admin to be the only one accepted by the router to log in for administrative purposes, whereas the vpn user must be the only one accepted for VPN remote access to the local LAN.
The authentication and the authorization have to be performed using ONLY the local database configured on the router.
So far I have defined this:
aaa authentication login default local
aaa authorization exec default local
aaa authorization network vpn-group local
!
username admin privilege 15
username vpn privilege 1
!
crypto isakmp profile Ike-1
 match identity group remote
 client authentication list vpn-group
 isakmp authorization list vpn-group
I have seen, however, that the user vpn is allowed to log in to the router and also the admin is allowed to establish a VPN tunnel if successfully authenticated.
Can anybody enlighten me?
Thank you in advance
12-07-2008 11:24 PM
Hi,
As per the configuration, VPN users will also be authenticated to log in to the router with privilege level 1.
Can you clarify your query: what exactly do you need to do?
Ganesh.H
12-08-2008 11:50 AM
I wish to achieve this:
The only userid accepted, when authenticating with the VPN client to the router, must be the vpn user; the admin user must be rejected.
The vpn user will then be granted access to the local resources.
At this point, if a connection to the router is needed (for troubleshooting or changes to the config), I want ONLY the userid admin accepted.
In short: the admin user has to be used only to work on the router, the vpn user only to gain access to the local remote network.
Thank you in advance
CZ