ACS - Host restriction

Answered Question
Feb 6th, 2010
Hello


How do I restrict access to a specific host when a user connects via VPN?

The user account is mapped on ACS as an external database (Active Directory - Win3K).


Downloadable ACL only works with the ACS Local Database.


Please help.

Overall Rating: 5 (1 ratings)
Ganesh Hariharan Sat, 02/06/2010 - 23:28
Hi,


IP Address Filtering (default): No filtering on any IP address is performed when an administrator is accessing ACS remotely.

Allow only listed IP addresses to connect. Click to allow remote administration from only those workstations whose IP addresses fall within the range specified in IP Address Ranges. Workstations whose IP addresses are not within the specified range will not be able to access ACS remotely.


Reject connections from listed IP addresses. Click to filter out remote administration from the IP addresses specified in IP Address Ranges. Remote administration from workstations whose IP addresses do not fall within the specified range will be permitted.


Check out the link below; hope that helps.


http://72.163.4.161/en/US/products/sw/secursw/ps2086/products_configuration_guide_chapter09186a00801fd7e2.html#wp892183


If helpful, do rate the post.


Ganesh.H
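
The three remote-administration filtering modes quoted in the reply above, modelled as an added example (not part of the original thread and not Cisco code) so that a planned range list can be checked against known source addresses before it is applied. The inclusive start/end range format, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from enum import Enum

class Mode(Enum):
    ALLOW_ALL = "no filtering (default)"
    ALLOW_LISTED = "allow only listed IP addresses to connect"
    REJECT_LISTED = "reject connections from listed IP addresses"

def in_ranges(addr, ranges):
    """True if addr falls inside any (start, end) range; bounds are inclusive (assumed)."""
    ip = ipaddress.ip_address(addr)
    for start, end in ranges:
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if lo > hi:
            raise ValueError(f"range start {start} is above end {end}")
        if lo <= ip <= hi:
            return True
    return False

def admin_access_permitted(addr, mode, ranges):
    """Decision for one remote-administration source address."""
    if mode is Mode.ALLOW_ALL:
        return True
    listed = in_ranges(addr, ranges)
    # ALLOW_LISTED permits only listed sources; REJECT_LISTED permits everything else.
    return listed if mode is Mode.ALLOW_LISTED else not listed

def audit(mode, ranges, sources):
    """Map each labelled source address to True (permitted) or False (rejected)."""
    return {label: admin_access_permitted(addr, mode, ranges)
            for label, addr in sources.items()}

# Constructed sample data (private addresses chosen for illustration, not from the thread).
ADMIN_RANGES = [("10.1.1.10", "10.1.1.20")]
SOURCES = {
    "admin workstation": "10.1.1.15",
    "range boundary": "10.1.1.20",
    "VPN pool client": "192.168.50.7",
}

if __name__ == "__main__":
    for mode in Mode:
        print(mode.value)
        for label, ok in audit(mode, ADMIN_RANGES, SOURCES).items():
            print(f"  {label:18} {'permitted' if ok else 'rejected'}")
```

Under the reject-listed mode every unlisted source, including the constructed VPN pool address, is permitted, so that mode only fits cases where the addresses to block are known in advance.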

saquib.tandel Sun, 02/07/2010 - 03:22
Thanks Ganesh for your help.


I am not clear with your steps.

DACL is working for local ACS database users.

For Windows AD users, what steps do I need to restrict to a specific host and port?

Correct Answer
Ganesh Hariharan Sun, 02/07/2010 - 06:04
Hi Saquib,


Windows AD users would be getting some IP once they are authenticated, if apart from that pool of IP addresses you configure the trusted IP addresses which can access the ACS, apart from the Windows AD authenticated users' IP addresses.


Check out the link below; it shares the steps to restrict ACS access using selected IP addresses.


http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/a.html#wp655148


Hope to help


Ganesh.H
