Cisco Support Community
New Member

ACS 4.1 Enable VPN on IOS Router but disable Telnet/SSH for same user

Hi, sorry for this subject as there are many similar threads but not identical. Having a little trouble getting this to work even after searching all the related threads exhaustively.

I have an IOS router for VPN client access. Authentication and group authorisation for users are done on ACS. This works well, but has the consequence that users are able to log in to the router with telnet/ssh. I know I could create ACLs so that only certain mgmt IP addresses may connect, but would prefer to control telnet/ssh access through ACS.

ACS 4.1 is used for VPN and Telnet/SSH access.

How do I configure the NAR in order to give users VPN access to router while disallowing telnet/SSH?

Thanks!

2 REPLIES

Re: ACS 4.1 Enable VPN on IOS Router but disable Telnet/SSH for

Use only an IP-based NAR. That controls only IP-based connections such as SSH and Telnet. It won't impact the VPN connection.

Regards,

~JG

Do rate helpful posts

New Member

Re: ACS 4.1 Enable VPN on IOS Router but disable Telnet/SSH for

Hi,

Thanks for the reply, but it still doesn't work.

I have two groups: admin (no restrictions) & vpnusers

In my vpnusers group, I created an IP-based NAR to restrict (r1841 * *) all to my router.

SSH/Telnet access is effectively denied for users in the vpnusers group, but I can't connect to that same router with the VPN client as the same user.

Thanks again for your help!
