Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
Radius / VPN / SSH Access
All, I happen to be a Windows SysAdmin in a small shop with a Network Team and Cisco ASA firewalls. We are using the Cisco VPN solution for remote access (the old one, not Anyconnect - my VPN client is 5.0.07.0290)
The network team likes to use RADIUS for authentication to access the Switches and Firewalls in our environment, as well as for authenticating VPN users. This was all set up long before I was here.
Recently, I was asked to move, add, and make changes to the RADIUS server. I started looking into this, and I realized that anyone that was in the VPN access security group in Active Directory was able to SSH into the firewall. Big problem.
The Network team is now asking me to create an authorization policy based on the Service-Type attribute so that VPN users can not access or SSH into the ASA
I don't have access to the config file, but based on the previous setup, I'd like a second opinion. Is Service Type attribute the proper way to configure RAIDUS so that VPN uses can authenticate, and admins can SSH into the server?
There is plenty on Google on setting up RADIUS for VPN, but I am missing the "RADIUS authentication for VPN and SSH access" piece.