Cisco Support Community
ACS - Host restriction

Hello

How can I restrict access to a specific host when a user connects via VPN?

The user account is mapped on ACS as an external database (Active Directory - Win3K).

Downloadable ACL only works with the ACS local database.

Please help.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ACS - Host restriction

Hi Saquib,

Windows AD users would be getting some IP address once they are authenticated. Apart from that pool of IP addresses, you configure the trusted IP addresses which can access the ACS, apart from the Windows AD authenticated users' IP addresses.

Check out the link below; it shares the steps to restrict ACS access using selected IP addresses.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/a.html#wp655148

Hope to help

Ganesh.H

3 REPLIES

Re: ACS - Host restriction

Hi,

IP Address Filtering

(default) No filtering on any IP address is performed when an administrator is accessing ACS remotely.

Allow only listed IP addresses to connect. Click to allow remote administration from only those workstations whose IP addresses fall within the range specified in IP Address Ranges. Workstations whose IP addresses are not within the specified range will not be able to access ACS remotely.

Reject connections from listed IP addresses. Click to filter out remote administration from the IP addresses specified in IP Address Ranges. Remote administration from workstations whose IP addresses do not fall within the specified range will be permitted.

Check out the link below; hope that helps.

http://72.163.4.161/en/US/products/sw/secursw/ps2086/products_configuration_guide_chapter09186a00801fd7e2.html#wp892183

If helpful do rate the post

Ganesh.H
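
The three IP Address Filtering modes quoted in the reply above, written out as an added example (not Cisco's code and not part of the original posts). The mode names, the "start-end" range format and every address are assumptions constructed for illustration; the settings modelled here govern remote administration of ACS itself.

```python
import ipaddress
from enum import Enum


class FilterMode(Enum):
    # Hypothetical names for the three modes described in the quoted text.
    NO_FILTERING = "default"
    ALLOW_ONLY_LISTED = "allow only listed IP addresses to connect"
    REJECT_LISTED = "reject connections from listed IP addresses"


def parse_range(text):
    """Parse 'start-end' (inclusive) or a single address into (low, high)."""
    start_s, sep, end_s = text.partition("-")
    low = ipaddress.IPv4Address(start_s.strip())
    high = ipaddress.IPv4Address(end_s.strip()) if sep else low
    if low > high:
        raise ValueError(f"range start is above range end: {text!r}")
    return low, high


def admin_access_permitted(mode, ranges, source_ip):
    """Return True if a remote administration session from source_ip is let in."""
    src = ipaddress.IPv4Address(source_ip)
    listed = any(low <= src <= high for low, high in ranges)
    if mode is FilterMode.NO_FILTERING:
        return True            # default: no address is filtered
    if mode is FilterMode.ALLOW_ONLY_LISTED:
        return listed          # anything outside the ranges is refused
    return not listed          # reject mode: anything outside the ranges is let in


# Constructed sample data: an admin workstation range and a VPN pool address.
ADMIN_RANGES = [parse_range("10.10.5.10-10.10.5.20")]
ADMIN_WORKSTATION = "10.10.5.12"
VPN_POOL_CLIENT = "192.168.50.7"


def decision_table():
    """Decision for each mode and each sample source address."""
    return {
        (mode.name, ip): admin_access_permitted(mode, ADMIN_RANGES, ip)
        for mode in FilterMode
        for ip in (ADMIN_WORKSTATION, VPN_POOL_CLIENT)
    }


if __name__ == "__main__":
    for key, allowed in decision_table().items():
        print(key, "permitted" if allowed else "refused")
```

With the same range list, the reject mode admits every source that is not listed, including the VPN pool address, while the allow-only mode refuses it.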

Re: ACS - Host restriction

Thanks, Ganesh, for your help.

I am not clear on your steps.

For local ACS database users, the DACL is working.

For Windows AD users, what steps do I need to take to restrict access to a specific host and port?
