Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
fred.mancen
fred.mancen
Community Member
‎02-15-2008 05:07 AM
‎02-15-2008 05:07 AM

Using AAA to limit access rights

Hi there.

I have a 2611 router, IOS version 12.3(25), configured as an VPN server. I have already configured the IP Sec parameters, users...and it is all working fine. But my customer needs to limit the access of one user that uses the same group and interface of the others. Is it possible to set up an AAA profile that matches some ACL to permit access to a few IP addresses, without a authentication server? I was thinking a method to set up an ACL and implement it on the interface, but this will affect the traffic of the other users, since their external access addresses are dynamic (one time they are at home, other time they are on the remote office and so on). Any ideas? Thanks in advance.

Regards.

0 Helpful
Reply
3 REPLIES
Jagdeep Gambhir
Jagdeep Gambhir Red
Red
‎02-15-2008 06:56 AM
‎02-15-2008 06:56 AM

Re: Using AAA to limit access rights

Go for downloadable acl's. Following

requirements must be met:

* The AAA client must use RADIUS for authentication.

* The AAA client must support downloadable IP ACLs.

Examples of Cisco devices that support downloadable IP ACLs are:

* PIX Firewalls.

* VPN 3000-series concentrators.

* Cisco devices running IOS version 12.3(8)T or greater.

Check the following link for your reference:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/3.3/user/guide/c.html#wp696775

Regards,

~JG

Do rate helpful posts

Reply
fred.mancen
fred.mancen
Community Member
‎02-15-2008 07:55 AM
‎02-15-2008 07:55 AM

Re: Using AAA to limit access rights

Hey, Gambhir!

This link is great! I am reading carefully to make sure that it solves my problem; be sure that I will rate your post. Tks a lot!

Best regards.

0 Helpful
Reply
fred.mancen
fred.mancen
Community Member
‎02-15-2008 10:37 AM
‎02-15-2008 10:37 AM

Re: Using AAA to limit access rights

Hi Gambhir.

Really, this document is fine, but does not solve my question...my customer does not have a RADIUS server that could be available to run the service. Unfortunately, because it will be the perfect solution. Anyway, thanks a lot.

regards.

0 Helpful
Reply
Latest Documents
Snort IPS on ISR, ISRv and CSR - Step-By-Step Configuration
Created by Kureli Sankar on 04-19-2018 11:25 AM
0
0
0
0
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin... view more
Upgrade Chassis Manager (FXOS)
Created by Jeet Kumar on 02-23-2018 02:51 AM
2
15
2
15
    Login to the FXOS chassis manager. Direct your browser to https://hostname/, and log-in using the user-name and password.     Go to Help > About and check the current version:    Check the current version availa... view more
ASA 5506-X with ipv6 no access to internet
Created by Klaxel on 02-08-2018 01:25 AM
3
5
3
5
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6. In Syslog I also se... view more
All Documents
159
Views
3
Helpful
3
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
AnyConnect Certificate Based Authentication.
Created by Marvin Ruiz on 08-27-2012 05:20 PM
36
75
36
75
BLOG (No Title)
Created by athukral on 06-14-2011 04:23 AM
15
35
15
35
Wireless Hacking
Created by Anim Saxena on 01-24-2013 07:56 AM
2
25
2
25
All Blogs