Cisco Support Community

Advice on TACACS+

Hi there

I am trying to implement the following scenario and would like to know the best solution for me.

We have 2 groups of remote VPN users, 1) Support and 2) Operations, both using the Cisco VPN client to log in remotely to our site.

1) When members of the Support group VPN in, I want our Cisco ASA to give them an IP range from Pool A of IP addresses, and I want them to be authenticated using TACACS, and then after successful authentication they are redirected to, or only have access to, Server A.

2) When members of the Operations group VPN in, I want our Cisco ASA to give them an IP range from Pool B of IP addresses, I want them to be authenticated using TACACS, and then after successful authentication they are redirected to Server A AND have full access to Servers B, C, D, etc.

Is this possible? And if so, how?

Regards

1 REPLY

Re: Advice on TACACS+

Yes, that's possible. Restriction to devices is done on the VPN device itself, not through AAA. Create two different VPN groups, one for Support and one for Operations; each can authenticate to AAA.

Hope that helps.
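
The layout described in the reply, as an added configuration sketch that is not part of the original thread: two tunnel groups share one TACACS+ server group, each draws from its own pool, and a per-group `vpn-filter` ACL on the ASA enforces which servers are reachable. All names, addresses and keys are constructed placeholders; the syntax is ASA 8.4 or later, and the base IKEv1 remote-access setup (IKE policy, crypto map) is assumed to exist already.

```text
! Constructed values: pools 10.10.1.0/24 and 10.10.2.0/24,
! TACACS+ server 192.0.2.10, Servers A-D = 192.0.2.21-24.
ip local pool POOL-A 10.10.1.1-10.10.1.254 mask 255.255.255.0
ip local pool POOL-B 10.10.2.1-10.10.2.254 mask 255.255.255.0
!
! One TACACS+ server group used by both VPN groups.
aaa-server TACACS-SRV protocol tacacs+
aaa-server TACACS-SRV (inside) host 192.0.2.10
 key <tacacs-shared-secret>
!
! vpn-filter ACLs: source = address assigned to the client,
! destination = internal host. Anything not permitted is dropped.
access-list SUPPORT-FILTER extended permit ip 10.10.1.0 255.255.255.0 host 192.0.2.21
access-list OPS-FILTER extended permit ip 10.10.2.0 255.255.255.0 host 192.0.2.21
access-list OPS-FILTER extended permit ip 10.10.2.0 255.255.255.0 host 192.0.2.22
access-list OPS-FILTER extended permit ip 10.10.2.0 255.255.255.0 host 192.0.2.23
access-list OPS-FILTER extended permit ip 10.10.2.0 255.255.255.0 host 192.0.2.24
!
group-policy SUPPORT-GP internal
group-policy SUPPORT-GP attributes
 vpn-filter value SUPPORT-FILTER
group-policy OPS-GP internal
group-policy OPS-GP attributes
 vpn-filter value OPS-FILTER
!
! Support: Pool A, TACACS+ authentication, Server A only.
tunnel-group SUPPORT type remote-access
tunnel-group SUPPORT general-attributes
 address-pool POOL-A
 authentication-server-group TACACS-SRV
 default-group-policy SUPPORT-GP
tunnel-group SUPPORT ipsec-attributes
 ikev1 pre-shared-key <support-group-key>
!
! Operations: Pool B, TACACS+ authentication, Servers A-D.
tunnel-group OPERATIONS type remote-access
tunnel-group OPERATIONS general-attributes
 address-pool POOL-B
 authentication-server-group TACACS-SRV
 default-group-policy OPS-GP
tunnel-group OPERATIONS ipsec-attributes
 ikev1 pre-shared-key <operations-group-key>
```

With this layout a user's reach depends on which tunnel group the client connects to, so the two group pre-shared keys should differ and the Operations key should be distributed only to Operations staff.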
