10-15-2007 03:19 AM - edited 03-10-2019 03:26 PM
I have a pix and a secure ACS. Users connect to network with VPN on pix. They authenticate with ACS. Also when we telnet or ssh to pix they also authenticate with ACS. How to seperate them ? Im using windows database.
thx
10-15-2007 03:53 AM
map normal users to a separate group on ACS, and admin users to another
And on Normal group, apply NAR (IP-based NAR) to restrict access to all the network devices.
i.e., All AAA Clients, *, *
And do not apply anything on Admin group.
Regards,
Prem
10-31-2007 03:18 AM
Hi,
I have the same problem. I have did this one. but strange. ACS users adopt the policy but all the windows/domain users are able to login. How can i restrict the default group users (domain users only)to not login/access the network devices.
10-31-2007 03:28 AM
Hi,
In ACS under External User Database -- Database Group Mappings -- Windows Database -- Default -- Edit group mapping for Domain : \DEFAULT -- All other combinations -- Select the CiscoSecure Group as No Access -- Submit
tnx,
somishra
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide