Cisco Remote VPN users need to be restricted to access previous remote VPN configuration

Unanswered Question
Jan 12th, 2010

Hello Experts,

We have a Cisco ASA 5505 (8.2.1) and Remote VPN is configured and access is provided to our NOC team to work from home, and we have set hairpin route settings to access other production locations from one VPN account and it's working fine. The NOC users' account is created and privilege is set to 2, only to connect with VPN.

Now we have got a new request to set up a new Remote VPN configuration for our DEV Team and have to provide access to a few servers, which is not massive, but once I set up users for the DEV Team they may have access to the PROD Servers by using the first VPN configuration. I want to restrict the DEV users so they cannot use the first remote VPN account, and I don't know the configuration/procedure.

Please advise.

Thanks & Regards,

Vinay Gupta

solpandor Tue, 01/12/2010 - 04:01

Hi Vinay

When you create the 2nd RA group, will you give them a new IP pool? If so, then I guess you can use an ACL to restrict access to servers?

I had a similar situation and I used a software called secureRDP (for Windows servers only) which allowed our 1st line support users to RDP into certain servers only, preventing them from piggybacking from one server to another via RDP (only).


ray_stone Tue, 01/12/2010 - 04:08

Yes, I will define a new IP pool for the DEV Team, but the major issue is that a DEV user can connect to the NOC remote VPN by entering their credentials, which I want to separate.


Vinay Gupta

ray_stone Tue, 01/12/2010 - 06:28

Can anyone reply, as it's urgent...


Vinay Gupta

solpandor Wed, 01/13/2010 - 02:00


Need to know more re your setup - are you using Radius/Tacacs?

How would the DEV Team know the login credentials of the NOC team? Or do you mean that the Dev Team are also part of the NOC Team sec group in AD?
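
Added example, not posted by any participant in this thread: one way to combine the separate IP pool and ACL suggested above with a group lock on ASA 8.2, so that a DEV account is refused on any tunnel group other than its own and, once connected, reaches only the listed servers. It assumes users are authenticated from the ASA's local database; every name, address and key below is a constructed placeholder.

```cisco
! Constructed names and addresses (assumptions); replace with real values.
! Separate address pool for the DEV remote-access group.
ip local pool DEV-POOL 10.99.2.1-10.99.2.50 mask 255.255.255.0
!
! vpn-filter ACL: source is the VPN client pool, destination is each
! server the DEV team is allowed to reach. Everything else is dropped and logged.
access-list DEV-VPN-FILTER extended permit ip 10.99.2.0 255.255.255.0 host 192.0.2.10
access-list DEV-VPN-FILTER extended permit ip 10.99.2.0 255.255.255.0 host 192.0.2.11
access-list DEV-VPN-FILTER extended deny ip any any log
!
! Group policy for DEV: apply the filter and lock sessions to the DEV tunnel group.
group-policy DEV-GP internal
group-policy DEV-GP attributes
 vpn-filter value DEV-VPN-FILTER
 group-lock value DEV-VPN
!
! New tunnel group for DEV, kept apart from the existing NOC tunnel group.
tunnel-group DEV-VPN type remote-access
tunnel-group DEV-VPN general-attributes
 address-pool DEV-POOL
 default-group-policy DEV-GP
tunnel-group DEV-VPN ipsec-attributes
 pre-shared-key <PLACEHOLDER-KEY>
!
! Per-user binding: this account inherits DEV-GP and is rejected if it
! tries to connect through any tunnel group other than DEV-VPN.
username devuser1 password <PLACEHOLDER-PASSWORD>
username devuser1 attributes
 vpn-group-policy DEV-GP
 group-lock value DEV-VPN
```

The user-level `group-lock` is what stops a DEV account from authenticating through the NOC tunnel group; NOC accounts can be locked to their own tunnel group in the same way.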

