How to separate the user authentication on PIX? (PIX login and VPN auth)

blackswans
Level 1

I have a PIX and a Secure ACS. Users connect to the network with VPN on the PIX. They authenticate with ACS. Also, when we telnet or SSH to the PIX, we also authenticate with ACS. How do I separate them? I'm using the Windows database.

thx

3 Replies

Premdeep Banga
Level 7

Map normal users to a separate group on ACS, and admin users to another.

And on Normal group, apply NAR (IP-based NAR) to restrict access to all the network devices.

i.e., All AAA Clients, *, *

And do not apply anything on Admin group.

Regards,

Prem

Hi,

I have the same problem. I have done this, but it is strange: ACS users adopt the policy, but all the Windows/domain users are able to log in. How can I restrict the default group users (domain users only) so they cannot log in to or access the network devices?

Hi,

In ACS under External User Database -- Database Group Mappings -- Windows Database -- Default -- Edit group mapping for Domain : \DEFAULT -- All other combinations -- Select the CiscoSecure Group as No Access -- Submit

tnx,

somishra