Cisco Support Community
ovt Bronze

Locking users in a VPN group on IOS routers

Hi!

Is it possible to lock users in a VPN group on IOS routers (the same way VPN3000 do this)?

Or, from the other side: Is it possible to set up AAA authorization for an XAUTH-enticated username (i.e. can I assign an ACL to a user)?

What are the best practices to separate several VPN user groups, so that different groups have access to different parts of corporate net?

Oleg Tipisov, REDCENTER, Moscow

2 REPLIES
New Member

Re: Locking users in a VPN group on IOS routers

Oleg,

You should use a CiscoSecure ACS server for AAA purposes. I suggest using a TACACS+ setup. On this ACS server, you can determine at group or user level what access they have.

Kind Regards,

Kurt

ovt Bronze

Re: Locking users in a VPN group on IOS routers

Kurt,

Good consulting advice, but saying "use Tac+" you're saying nothing.

What "aaa authorization" commands should I configure so that the router goes to a tac+ server for an ACL when a user sends IKE XAUTH response?

I believe this has never been implemented on the Cisco routers.

Oleg Tipisov, REDCENTER, Moscow
