Access control on VPN

Unanswered Question
Jan 22nd, 2002

I have set up VPN client 1.1 connecting to PIX-525 with extended authentication by Cisco ACS 3.0 (TACACS+).

My customer wants to have access control by user group for some of the servers.

Could I assign IP address by TACACS+ and then filter it by ACL?

Or is there another way to achieve that?

HEATH FREEL Tue, 01/29/2002 - 13:06

1st. Turn off Sysopt Permit-IPsec

2nd. Change your Client to the VPN 3000 3.5

3rd. Create Groups using different IP pools

4th. Create Conduits/Access-list to allow/deny access based on IP Pool.

At least that is how I would do it.
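
The four steps in the reply above, sketched as a PIX configuration fragment. This is an added example, not part of the original post. It assumes PIX OS 6.x command syntax; the group names, pool ranges, server addresses and keys are constructed placeholders, and the crypto map, ISAKMP, NAT exemption and TACACS+ xauth configuration are assumed to exist already.

```cisco
: Constructed example: names, addresses and keys are placeholders.

: Step 1: stop decrypted IPsec traffic from bypassing interface access lists
no sysopt connection permit-ipsec

: Step 3: one address pool per user group, so the source address identifies the group
ip local pool POOL-ENG 10.10.1.1-10.10.1.254
ip local pool POOL-SALES 10.10.2.1-10.10.2.254

vpngroup ENG address-pool POOL-ENG
vpngroup ENG password <group-key-placeholder>
vpngroup SALES address-pool POOL-SALES
vpngroup SALES password <group-key-placeholder>

: Step 4: permit each pool only to the servers its group may reach.
: ENG pool: full IP access to one server (192.168.1.10)
access-list OUTSIDE-IN permit ip 10.10.1.0 255.255.255.0 host 192.168.1.10
: SALES pool: web access only to a different server (192.168.1.20)
access-list OUTSIDE-IN permit tcp 10.10.2.0 255.255.255.0 host 192.168.1.20 eq 80
: Anything else from either pool falls through to the implicit deny.
: If an access list is already bound to the outside interface, add these
: entries to it instead of binding a second list.
access-group OUTSIDE-IN in interface outside
```

With `sysopt connection permit-ipsec` disabled, every flow from a VPN client has to match a permit entry on the outside interface, so a user whose group pool has no entry for a given server is denied.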

