Hi, sorry for this subject as there are many similar threads but not identical. Having a little trouble getting this to work even after searching all the related threads exhaustively.
I have an IOS router for VPN client access. Authentication and group authorisation for users done on ACS. This works well, but have the consequence of user able to login to router with telnet/ssh. I know I could create ACLs so that only certain mgmt IP addresses may connect, but would prefer to control telnet/ssh access through ACS.
ACS 4.1 is used for VPN and Telnet/SSH access.
How do I configure the NAR in order to give users VPN access to router while disallowing telnet/SSH?