Users connecting to our VPN 3000 concentrator are authenticated via SecurID. We would like to allow VPN access only for specific users and not for all users who have a SecurID card. Can this be achieved without making modifications on the SecurID server?
Someone can correct me if I'm wrong, but I do believe that user-level access control has to be managed by the SecurID (RADIUS?) server.
When you use a SecurID token, the Cisco passes off the authentication to that box and it's up to the SecurID server to say if that user should or shouldn't be allowed remote access, and if so at what level.
This is my experience from reading the docs and working on the routers. Haven't done much work actually configuring SecurID servers though.
You might want to go and look up controlling user access levels (i.e. remote access) in your SecurID server docs.
Unfortunately, we don't have the rights to make modifications to the SecurID server and I was hoping to perform a further user control on the VPN concentrator. I already played around with the "Group Lock" feature, but so far without success.
I think this can be done. On your RSA ACE server, do you have an agent host configured for your concentrator? If so, I believe you can just assign the agent host for your concentrator to those individuals you want to have access. If an individual is not assigned that agent host, then they should not be able to authenticate.
I should have read your post again... you cannot modify your ACE server. Sorry.