vpn client terminating on router

Unanswered Question
Mar 15th, 2009

hello,

is there pointer on how to do the following requirement where:

- router terminates Cisco vpn client with external radius

- user groups have different access right to part of network, i.e. admin can access all, user can access only part of network.

i read the following template but unsure how user group requirement can be setup:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949ba.shtml

would it be the case where different user group access right would be defined in different ACL for split tunneling?

i.e.

user group 1 -> ipsec:inacl=101

user group 2 -> ipsec:inacl=102

is there screen shot on how to setup usergroup as well?

thanks and regards

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jagdeep Gambhir Mon, 03/16/2009 - 14:01

CiscoSecure ACS provides downloadable ACL sets as a means of configuring sets of ACLs that can be applied to many user or group profiles.

To create the downloadable ACL set, follow these steps:

Step1 Make sure the downloadable IP ACL feature is enabled. To do so, follow these steps:

a. Click Interface Configuration and then click Advanced Options .

b. Select the Group-Level Downloadable ACLs check box.

c. Click Submit .

Where applicable, the CiscoSecure ACS HTML interface displays features related to

downloadable IP ACLs.

Step2 Click Shared Profile Components click Downloadable IP ACLs , and then click Add .

The page for adding a downloadable ACL set appears.

Step3 In the Name box, type Outside Svrs. Allowed .

Step4 In the Description box, type Permits access only to our servers outside the PIX .

Step5 In the ACL Definitions box, type the following example

permit ip any 209.165.201.2 255.255.255.255

permit ip any 209.165.201.3 255.255.255.255

permit ip any 209.165.201.4 255.255.255.255

permit ip any 209.165.201.5 255.255.255.255

deny ip any any

Step6 Click Submit .

CiscoSecure ACS saves the downloadable ACL set. You can apply it by name to group or user

profiles.

Applying the Downloadable ACL Set to a Group

After you have created the downloadable ACL set in Creating the Downloadable ACL Set, you

must associate it with the group that

This procedure provides the steps to do so.

To apply the shell command authorization set, follow these steps:

Step1 Click Group Setup .

Step2 From the Group list, select the group that you want to assign members to.

Step3 Select Edit Settings .

The Group Settings page for the group selected appears.

Step4 From the Jump To list, select Downloadable ACLs .

The browser scrolls to the Downloadable ACLs table on the Group Settings page.

Step5 In the Downloadable ACLs table, select the Assign IP ACL check box.

Step6 From the Assign IP ACL list, select Outside Svrs. Allowed .

Step7 Select Submit + Restart .

Regards,

~JG

Do rate helpful posts

Actions

This Discussion