I am currently restricting access to a remote network using access-lists over a WAN connection; however, in order to be able to use its accounting functionality and accommodate users with dynamically assigned IP addresses, I want to look at implementing a Cisco VPN client and AAA scenario. I also want to allow certain IP addresses and VLANs to bypass this, if possible (certain servers need to be able to hit hosts on the remote network independent of any VPN client, which they currently do over the WAN connection).
My questions are:
- Can I do this, with the ability to restrict where users can get to on the remote network (I need more than just authentication here; it needs to be able to authorize where users can go as well)?
- Can I do it using a 3600 series router? I will find a way to acquire a PIX if I have to, but it would be great if I can use the 3600 that will be used for WAN connectivity.
Re: VPN Client and RADIUS for network access control
From what you've said, yes, I believe all of this will be possible. I don't think you'll even need a PIX firewall (I assume you already have a firewall in place at this site). Your best step is to get your Cisco design team on it. Check with your SE or sales office to put it together.