03-15-2009 01:50 PM - edited 02-21-2020 04:11 PM
Hello,
Is there a pointer on how to do the following requirement, where:
- the router terminates the Cisco VPN client with external RADIUS
- user groups have different access rights to parts of the network, i.e. admin can access all, user can access only part of the network.
I read the following template but am unsure how the user group requirement can be set up:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949ba.shtml
Would it be the case that different user group access rights would be defined in different ACLs for split tunneling?
i.e.
user group 1 -> ipsec:inacl=101
user group 2 -> ipsec:inacl=102
Is there a screenshot on how to set up user groups as well?
Thanks and regards
03-16-2009 02:01 PM
CiscoSecure ACS provides downloadable ACL sets as a means of configuring sets of ACLs that can be applied to many user or group profiles.
To create the downloadable ACL set, follow these steps:
Step 1 Make sure the downloadable IP ACL feature is enabled. To do so, follow these steps:
a. Click Interface Configuration and then click Advanced Options.
b. Select the Group-Level Downloadable ACLs check box.
c. Click Submit.
Where applicable, the CiscoSecure ACS HTML interface displays features related to downloadable IP ACLs.
Step 2 Click Shared Profile Components, click Downloadable IP ACLs, and then click Add.
The page for adding a downloadable ACL set appears.
Step 3 In the Name box, type Outside Svrs. Allowed.
Step 4 In the Description box, type Permits access only to our servers outside the PIX.
Step 5 In the ACL Definitions box, type the following example:
permit ip any 209.165.201.2 255.255.255.255
permit ip any 209.165.201.3 255.255.255.255
permit ip any 209.165.201.4 255.255.255.255
permit ip any 209.165.201.5 255.255.255.255
deny ip any any
Step 6 Click Submit.
CiscoSecure ACS saves the downloadable ACL set. You can apply it by name to group or user profiles.
Applying the Downloadable ACL Set to a Group
After you have created the downloadable ACL set in Creating the Downloadable ACL Set, you
must associate it with the group that
This procedure provides the steps to do so.
To apply the shell command authorization set, follow these steps:
Step 1 Click Group Setup.
Step 2 From the Group list, select the group that you want to assign members to.
Step 3 Select Edit Settings.
The Group Settings page for the group selected appears.
Step 4 From the Jump To list, select Downloadable ACLs.
The browser scrolls to the Downloadable ACLs table on the Group Settings page.
Step 5 In the Downloadable ACLs table, select the Assign IP ACL check box.
Step 6 From the Assign IP ACL list, select Outside Svrs. Allowed.
Step 7 Select Submit + Restart.
Regards,
~JG
Do rate helpful posts
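Added example, not part of the thread or of Cisco's documentation: a small first-match evaluator run over the ACL definitions from Step 5, reading the mask field either as a netmask or as a wildcard (inverse) mask. Which reading the terminating device applies is an assumption to check on that platform before assigning the set to a group; the client and destination addresses in the demo are constructed.

```python
import ipaddress

# ACL definitions exactly as typed in Step 5 of the post above.
ACL_LINES = """\
permit ip any 209.165.201.2 255.255.255.255
permit ip any 209.165.201.3 255.255.255.255
permit ip any 209.165.201.4 255.255.255.255
permit ip any 209.165.201.5 255.255.255.255
deny ip any any
"""

def _field_matches(addr, base, mask, style):
    """Compare addr to base under a netmask or a wildcard (inverse) mask."""
    a, b, m = (int(ipaddress.IPv4Address(x)) for x in (addr, base, mask))
    care = m if style == "netmask" else ~m & 0xFFFFFFFF  # bits that must be equal
    return (a & care) == (b & care)

def _take_field(tokens, addr, style):
    """Consume 'any', 'host A' or 'A MASK'; return (matched, remaining tokens)."""
    if tokens[0] == "any":
        return True, tokens[1:]
    if tokens[0] == "host":
        return addr == ipaddress.IPv4Address(tokens[1]), tokens[2:]
    return _field_matches(addr, tokens[0], tokens[1], style), tokens[2:]

def evaluate(acl_text, src, dst, style):
    """First-match evaluation of 'permit|deny ip SRC DST' lines.
    style is 'netmask' or 'wildcard'. Returns (action, matching line)."""
    src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for line in acl_text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[1] != "ip":
            continue  # outside the subset of ACL syntax handled here
        src_ok, rest = _take_field(tokens[2:], src, style)
        dst_ok, _ = _take_field(rest, dst, style)
        if src_ok and dst_ok:
            return tokens[0], line
    return "deny", "(implicit deny)"

if __name__ == "__main__":
    client = "10.1.1.10"  # constructed VPN client address
    for dst in ("209.165.201.3", "192.0.2.50"):  # listed server, unlisted host
        for style in ("netmask", "wildcard"):
            print(dst, style, evaluate(ACL_LINES, client, dst, style))
```

Under the wildcard reading every destination matches the first permit line, so the closing deny is never reached; writing the entries as host 209.165.201.2 (or with mask 0.0.0.0) gives the same four-server result there.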
03-16-2009 02:18 PM
Right. But this is a router.
03-16-2009 02:23 PM
That is OK, it will work for a router as well.