OK, I have been assigned a project with equipment that I don't think will do what they want it to.
1st. We have a single 3005 concentrator. We also have about 50 different remote staff that need access to different resources, but all need the same resources from our datacenter (email, etc.).
We have a core 4503 with supp 4 & 2-48 10/100/1000 blades in it. This is our core switch running to 2950T-24's in the closets. Network is partially routed out (still in process of finishing).
On the 3005, can I limit where users 1-10 can go, and then limit where 11-20 go, etc.? I found no spot for access-lists, and I am not sure if setting these lists on the 4503 is the right spot to do it.
In a nutshell, I would like to restrict VPN users 1-10 to 10.0.16.0/23 and 10.1.20.0/23 while restricting users 11-20 to 10.3.1.0/23 and 10.0.16.0/23
and giving extended support laptops access to only 10.0.16.0/23
(10.1.20.0/23 Development area)
(10.3.1.0/23 QA area)
Can this be done?
2nd. We also have 2 AS5350's not used in your standard fashion. They are used for dialout with a product called dialout /ez. The 5350's are using RADIUS win2k against AD; VPN is doing the same. We have groups created across different domains so they can have a single login.
If I were to install ACS and set all devices to look to the server for AAA, would I be shooting myself in the foot, or can I set the same types of groups as I have in AD? If you are not in the AD group then you get no access. Will this log everything? Right now I only get who connected to where, and when they disconnected. It does not show me where they went, where they were denied to, or how long they were dialed into a client or connected through the VPN.
Sorry if this doesn't make any sense, but if it does and you want to help me out, that would really be appreciated.