Cisco Support Community
New Member

ACS shell profile to only allow VPN authentication from TACACS+

I'm currently rebuilding all of my VPN profiles after it was found that we were using TACACS+ for authentication to the VPNs, which would also allow users to SSH to all of the network infrastructure. The new profiles will be RADIUS based and will take some time to get to the users.

In the meantime I'm looking to create a new shell profile for the VPN users that will only allow them to authenticate to the VPN and not gain access to the CLI of the infrastructure.

Thanks

3 REPLIES
New Member

Hi,

Did you find any solution for this?

I am also stuck on the same issue...

New Member

I haven't found one yet. I think if I set up a service selection rule it should work, but I haven't found anything formal to confirm yet.

New Member

Hi,

I tested this with Cisco ACS 5.5 with TACACS for a VPN tunnel; it doesn't work.

It gives you an error which states that the service protocol used is for device administration.

So it doesn't allow VPN authentication to work, but for RADIUS this works properly.

Thanks & Regards,

Nitesh
