Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Block remote access without disabling the domain account

Hi All,

We use VPN 3000 series concentrators for remote access and radius running on domain controllers for authentication. I would like to disable user accounts for just remote access (if their home computer is worm/virus infected) but they can logon to the domain when they are in the LAN.

Is this possible?

New Member

Re: Block remote access without disabling the domain account

That depends on how you have your Radius server set up, I would think you have it set up with a policy that says to permit the user to authenticate if they have dial-in enabled. I dont know what kind of radius server you have but if you are integrating with AD, I would think it would have the ability to read if the user has dial-in enabled or not. We use IAS and it as simple as just creating a policy that says Allow access if Dialin is enabled.

CreatePlease to create content