Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
443
Views
0
Helpful
3
Replies

Restricting Access to host on ACS

ronald.ramzy
Level 1
Level 1

‎07-20-2009 11:19 PM - edited ‎03-10-2019 04:36 PM

Hi,

I have ACS 4.0 running on Windows 2003.

ACS is mainly used to authenticate VPN users. Authentication on ACS is via local database and Windows Active Directory.

I need to understand how to restrict access to a host for VPN users on ACS Server

How to block Remote-desktop-Access to a group on ACS Server

Labels:
0 Helpful
3 Replies 3

andrewswanson
Level 7
Level 7

‎07-21-2009 02:19 AM

hi

use the ACS Downloadable IP ACls feature - see document:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/c.html#wp696809

hth

andy

0 Helpful

Jagdeep Gambhir
Level 10
Level 10

‎07-21-2009 07:03 AM

You need to set up access policy in Administration control,

IP Address Filtering:

Click one of the following options:

Allow all IP addresses to connect. (default) No filtering on any IP address is performed when an administrator is accessing ACS remotely.

Allow only listed IP addresses to connect. Click to allow remote administration from only those workstations whose IP addresses fall within the range specified in IP Address Ranges. Workstations whose IP addresses are not within the specified range will not be able to access ACS remotely.

Reject connections from listed IP addresses. Click to filter out remote administration from the IP addresses specified in IP Address Ranges. Remote administration from workstations whose IP addresses do not fall within the specified range will be permitted.

Note: IP filtering operates upon the IP address received in the HTTP request from a remote administrator's web browser. If the browser is configured to use an HTTP proxy server or if the browser is run on a workstation behind a network device performing network address translation, IP filtering applies only to the IP address of the HTTP proxy server or the NAT device, respectively.

Regards,

~JG

Do rate helpful posts

0 Helpful

ronald.ramzy
Level 1
Level 1
In response to Jagdeep Gambhir

‎07-22-2009 08:15 AM

Hi gambhir,

can you help with document link you follow to achieve this task.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents