Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

define spez. NAS Access

Is it possible with Cisco ACS, to allow a User access only if the user comes from a spez. NAS. I would like to define a Group and if the user is a member of this group he only gets access if he comes from this spez. NAS. For example i have a VPN-Group (VPN-NAS) and a RAS-Group (RAS-NAS), and a user in the VPN-Group should not be able to dial into the RAS-NAS.

thank you!!

  • Other Security Subjects
3 REPLIES
Cisco Employee

Re: define spez. NAS Access

Yes, you can configure NAS restrictions on a per user or group basis.

NAS restrictions on a user-level

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt26/usergd26/ch3.htm#xtocid289908

NAS restrictions on a group-level

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt26/usergd26/ch3.htm#xtocid2899035

HTH

R/Yusuf

New Member

Re: define spez. NAS Access

Thank you for the Information but i tried this allready and it doesn't work. For the vpn-group i made a "Denied Calling/Point of Access Locations" for the RAS-Server ( Port=* and IP-Adress=* ) but vpn-user can still dial in to the RAS-Server ?!

Is there a problem with radius authentication?

Thank you, Walter

New Member

Re: define spez. NAS Access

Thank you for the Information but i tried this allready and it doesn't work. For the vpn-group i made a "Denied Calling/Point of Access Locations" for the RAS-Server ( Port=* and IP-Adress=* ) but vpn-user can still dial in to the RAS-Server ?!

Is there a problem with radius authentication?

Thank you, Walter

124
Views
0
Helpful
3
Replies
This widget could not be displayed.