Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1057
Views
0
Helpful
3
Replies

ACS - Host restriction

Go to solution
saquib.tandel
Level 1
Level 1

‎02-06-2010 12:02 PM - edited ‎03-10-2019 04:56 PM

Hello

How to restrict access to a specific host when a user connects via VPN.

user account is mapped on ACS as external database ( Active Directory - Win3K )

Downloadable ACL only works with ACS Local Database.

plz help.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni
In response to saquib.tandel

‎02-07-2010 06:04 AM 

Thanks Ganesh for your help.
I am not clear with your steps.
Local ACS database users DACL is working.
For Windows AD users what steps I need to restrict for specific host and port.

Hi Saquib,

Windows AD users would be getting some ip once they are authenticated if apart from those pool of ip address you configure the trusted ip address which can access the ACS apart from windows AD authenticated users ip address.

Check out the below link will share the step to restrict ACS access using selected ip address.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/a.html#wp655148

Hope to help

Ganesh.H

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni

‎02-06-2010 11:28 PM 

Hello
How to restrict access to a specific host when a user connects via VPN. 
user account is mapped on ACS as external database ( Active Directory - Win3K )
Downloadable ACL only works with ACS Local Database.
plz help.

Hi,

IP Address Filtering (default) No filtering on any IP address is performed when an administrator is accessing ACS remotely.Allow only listed IP addresses to connect. Click to allow remote administration from only those workstations whose IP addresses fall within the range specified in IP Address Ranges. Workstations whose IP addresses are not within the specified range will not be able to access ACS remotely.

Reject connections from listed IP addresses. Click to filter out remote administration from the IP addresses specified in IP Address Ranges. Remote administration from workstations whose IP addresses do not fall within the specified range will be permitted.

Check out the below link hope that help

http://72.163.4.161/en/US/products/sw/secursw/ps2086/products_configuration_guide_chapter09186a00801fd7e2.html#wp892183

If helpful do rate the post

Ganesh.H

0 Helpful

Go to solution
saquib.tandel
Level 1
Level 1
In response to Ganesh Hariharan

‎02-07-2010 03:22 AM

Thanks Ganesh for your help.

I am not clear with your steps.

Local ACS database users DACL is working.

For Windows AD users what steps I need to restrict for specific host and port.

0 Helpful

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni
In response to saquib.tandel

‎02-07-2010 06:04 AM 

Thanks Ganesh for your help.
I am not clear with your steps.
Local ACS database users DACL is working.
For Windows AD users what steps I need to restrict for specific host and port.

Hi Saquib,

Windows AD users would be getting some ip once they are authenticated if apart from those pool of ip address you configure the trusted ip address which can access the ACS apart from windows AD authenticated users ip address.

Check out the below link will share the step to restrict ACS access using selected ip address.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/a.html#wp655148

Hope to help

Ganesh.H

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents