Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
461
Views
0
Helpful
5
Replies

Cisco Remote VPN users need to be restricted to access previous remote VPN configuration

ray_stone
Level 1
Level 1

‎01-12-2010 03:54 AM - edited ‎03-11-2019 09:56 AM

Hello Experts,

We have Cisco ASA 5505 (8.2.1) and Remote VPN is configured and access is provided to our NOC team to work from home and we have set hair pin route settings to access other production locations from one vpn account and its working fine. NOC users account is created and previlige is set 2 only to connect with VPN.

Now we have got a new request to setup a new Remote VPN configuration for our DEV Team and have to provide few servers access which is not a massive but once i setup a users for DEV Team then they may have access the PROD Servers by using the first VPN configuration. I want to restrict the DEV users, not to use the first remote VPN account and dont know the configuration/procedure.

Pls. advice.

Thanks & Regards,

Vinay Gupta

Labels:
0 Helpful
5 Replies 5

SOL10
Level 1
Level 1

‎01-12-2010 04:01 AM

HI Vinay

when you create the 2nd RA group , will you give them a new IP pool? If so, then I guess you can use ACL to restrict access to servers?

I had a similar situ and I used a software called secureRDP (for windows servers only) which allowed our 1st line support users who RDP into certain servers only - preventing them from piggybacking from 1 server to another via RDP (only)

HTH

0 Helpful

ray_stone
Level 1
Level 1
In response to SOL10

‎01-12-2010 04:08 AM

Yes, I will define a new IP pool for DEV Team but the major issue is the DEV user can be connected with NOC remote VPN by putting thier credentials which I want to seperate.

Regards,

Vinay Gupta

0 Helpful

ray_stone
Level 1
Level 1
In response to ray_stone

‎01-12-2010 06:28 AM

Can anyone reply as its urgent..........

Regards,

Vinay Gupta

0 Helpful

ray_stone
Level 1
Level 1
In response to ray_stone

‎01-12-2010 04:15 PM

??

0 Helpful

SOL10
Level 1
Level 1
In response to ray_stone

‎01-13-2010 02:00 AM

Hi

need to know more re your setup- are you using Radius/Tacacs?

how would the DEV Team know the login credentials of the NOC team? or do you mean that the Dev Team are also part of the NOC TEam sec group in AD?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card