Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Radius / VPN / SSH Access

All, I happen to be a Windows SysAdmin in a small shop with a Network Team and Cisco ASA firewalls.  We are using the Cisco VPN solution for remote access (the old one, not Anyconnect - my VPN client is

The network team likes to use RADIUS for authentication to access the Switches and Firewalls in our environment, as well as for authenticating VPN users.  This was all set up long before I was here. 

Recently, I was asked to move, add, and make changes to the RADIUS server.  I started looking into this, and I realized that anyone that was in the VPN access security group in Active Directory was able to SSH into the firewall.  Big problem. 

The Network team is now asking me to create an authorization policy based on the Service-Type attribute so that VPN users can not access or SSH into the ASA

I don't have access to the config file, but based on the previous setup, I'd like a second opinion.  Is Service Type attribute the proper way to configure RAIDUS so that VPN uses can authenticate, and admins can SSH into the server?  

  There is plenty on Google on setting up RADIUS for VPN, but I am missing the "RADIUS authentication for VPN and SSH access" piece. 

Version history
Revision #:
1 of 1
Last update:
‎04-16-2014 10:34 AM
Updated by:
Labels (1)