Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN user control

Users connecting to our VPN 3000 concentrator are authenticated via SecurID. We would like to allow VPN access only for specific users and not for all the users which are having a SecurID card. Can this be achieved without doing modifications on the SecurID server?

New Member

Re: VPN user control

Someone can correct me if I'm wrong but I do believe that user level access control has to be managed by the SecurID (radius?) server.

When you use a securID token the cisco passes off the authentication to that box and its up to the SecurID server to say if that user should or shouldn't be allowed remote access, and if so at what level.

This is my experience from reading the docs and working on the routers. Haven't done much work actually configuring SecurID servers though.

You might want to go and look up controlling user access levels (ie remote access) on your SecurID server docs.

New Member

Re: VPN user control

Unfortunately we don't have the rights to do modifications to the SecurID server and I was hoping to perform a further user control on the VPN concentrator. I already played around with the "Group Lock" feature, but so far without success.

New Member

Re: VPN user control

I think this can be done. On you rsa ace server do you have an agent host configured for your concentrator? If so, I believe you can just assign the agent host for your concentrator to those individuals you want to have access. If an individual is not assigned that agent host, then they should not be able to authenticate.

I should have read your post cannot modify your ace server. Sorry.

CreatePlease login to create content