Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN user control

Users connecting to our VPN 3000 concentrator are authenticated via SecurID. We would like to allow VPN access only for specific users and not for all the users which are having a SecurID card. Can this be achieved without doing modifications on the SecurID server?

3 REPLIES
New Member

Re: VPN user control

Someone can correct me if I'm wrong but I do believe that user level access control has to be managed by the SecurID (radius?) server.

When you use a securID token the cisco passes off the authentication to that box and its up to the SecurID server to say if that user should or shouldn't be allowed remote access, and if so at what level.

This is my experience from reading the docs and working on the routers. Haven't done much work actually configuring SecurID servers though.

You might want to go and look up controlling user access levels (ie remote access) on your SecurID server docs.

New Member

Re: VPN user control

Unfortunately we don't have the rights to do modifications to the SecurID server and I was hoping to perform a further user control on the VPN concentrator. I already played around with the "Group Lock" feature, but so far without success.

New Member

Re: VPN user control

I think this can be done. On you rsa ace server do you have an agent host configured for your concentrator? If so, I believe you can just assign the agent host for your concentrator to those individuals you want to have access. If an individual is not assigned that agent host, then they should not be able to authenticate.

I should have read your post again..you cannot modify your ace server. Sorry.

108
Views
0
Helpful
3
Replies
CreatePlease login to create content