11-08-2007 08:09 AM - edited 03-10-2019 03:30 PM
Hi,
We have ASA 5520 and ACS 3.3
We would like to have Remote-Acess authentication through ACS Database and would like to restrict remote user group with access to specific server or network....
Kindly advice with steps.....
Thanks
11-09-2007 06:22 PM
Hi
You can configure the PIX Firewall with a ACS server for VPN Clients.
Configure the primary ACS server with the host name and key.
Bind the authentication server with crypto map.
Use these commands in order to complete the configuration:
aaa-server ACS-RADIUS (inside) host X.X.X.X (key) timeout 5
crypto map vpnmap client authentication ACS-RADIUS LOCAL
Note: Within the crypto map, you can only enter one external authentication server group. The failover or backup authentication method can only be set to LOCAL. If there second server in the list it is only queried if the primary server is unresponsive. If the primary server is queried and issues a failed response, then the secondary server is not queried.
Please rate if this helps.
Regards MJ
11-09-2007 09:33 PM
Thanks.
How would I restrict the user from acccessing specific resourses on the network ( Ex : allow only specific server or specific network )
Which option on ACS does this... please help with steps..
11-10-2007 02:07 PM
Hi
I would Remove the sysopt connection permit-ipsec command from the PIX Firewall configuration. Add statements to the ACL applied to the outside interface permitting Encapsulating Security Payload (ESP), UDP 500, and the traffic from the VPN pool to the specific server. You will then be able to control access to the server.
Regards MJ
11-12-2007 05:27 AM
Hello,
I have site to site VPN and Remote-Access on the ASA.
We want to create users on ACS and restrict them throug ACS for server or network access.
Plz help on these request.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: