Cisco Support Community

VPN REMOTE ACCESS / BLOCK TRAFFIC

Hi,

I want all my VPN connections to be denied access to one of my networks, but from that network I can access my remote connections.

So similar to a DMZ.

I have an ASA 5540 and ACS 4.2.

So far, what I tried and didn't succeed with:

- I created a downloadable access list on ACS
- filter on group in ASA
- pushed firewall policy to user client

The solution that was closest was with the firewall policy, but automatically I got 2 rules on top, to allow all traffic from my location to anywhere :/

Anyone got any idea?

And another question is about user authentication with ACS and ASA.

Currently I'm using RADIUS as the protocol and everything has been working fine for more than 7 months. Sometimes when users connect they don't get an IP address from ACS (really not that big a problem, it's like maybe 1 out of 500 VPN connections), but what I want to do to lower that number is to change user authentication to go not with RADIUS (UDP) but with TACACS (TCP).

So where I'm stuck!

User authentication is OK, but my users can't get an IP address from ACS, because every user has a fixed IP?

So any help would be nice.

Best regards!
