Cisco Support Community

locking down users access

Hi

I'm using Windows 2003 IAS to do authentication for my ASA ver 8.0.4.

On the ASA I use group policies and vpn-filter along with access-lists to control the access that IPSEC VPN users have. The access-list allows access to a common pool of servers that all need access to and denies access to the rest of the network.

I have a bunch of users who, when on the VPN, need RDP access to their PC. Up to this point I have been just adding a new permit line to the access-list that's attached to vpn-filter. This has worked; however, it also allows UserA access to UserB and UserC's PC. This is quickly growing into Swiss cheese with all the holes.

I'm looking for a way to give access to UserA to her PC but not UserB and UserC's PC and also allow all users access to the common server pool.

Any ideas? Thanks much!

1 REPLY

Re: locking down users access

You might want to take a look at Dynamic Access Policies; they allow you to make control more granular based on network lists:

https://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml
