Cisco Support Community
Community Member

VPN Client and RADIUS for network access control

I am currently restricting access to a remote network using access-lists over a WAN connection; however, in order to be able to use its accounting functionality and accommodate users with dynamically assigned IP addresses, I want to look at implementing a Cisco VPN client and AAA scenario. I also want to allow certain IP addresses and VLANs to bypass this, if possible (certain servers need to be able to hit hosts on the remote network independent of any VPN client, which they currently do over the WAN connection).

My questions are:

- Can I do this, with the ability to restrict where users can get to on the remote network (I need more than just authentication here; it needs to be able to authorize where users can go as well)?

- Can I do it using a 3600 series router? I will find a way to acquire a PIX if I have to, but it would be great if I can use the 3600 that will be used for WAN connectivity.

- The big question: how?

Any input is appreciated.



Re: VPN Client and RADIUS for network access control

From what you've said, yes, I believe all of this will be possible. I don't think you'll even need a PIX firewall (I assume you already have a firewall in place at this site). Your best step is to get your Cisco design team on it. Check with your SE or sales office to put it together.
