Cisco Support Community
New Member

How do I block a user from VPN'ing in while AD is used for authentication

We currently use Active Directory to authenticate through IPsec VPN.

Employee was let go, so his AD account was disabled.

However, he has another AD username and password that cannot be disabled since it is being used under other services.

Our entire company is under one Group Policy.

My question is: how would I block him from accessing the network?

4 REPLIES
Silver

Re: How do I block a user from VPN'ing in while AD is used for a

You could use DAP to block that user from authenticating successfully. Create a policy to match the user attribute (say sAMAccountName for LDAP) and terminate as policy action. For the rest of the users, you could use a continue action in the default policy, which should allow normal authentication and authorization.

For details on DAP:

http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml

New Member

Re: How do I block a user from VPN'ing in while AD is used for a

From the looks of it, I may have to configure an entire new group policy?

However, this could impact current users.

Silver

Re: How do I block a user from VPN'ing in while AD is used for a

No, you won't have to configure any new group-policy. All you have to do is create a DAP policy saying that if a user comes with this attribute from RADIUS or LDAP (username in your case), apply a certain policy (terminate) to it. For all the rest of the users, since they don't match that criterion, they will hit the default DAP policy, which will allow them normally without applying any policy for them.
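
Added example, not part of the original thread: the DAP setup described in the replies above, sketched as an ASA configuration fragment. The record name `BLOCK-TERMINATED-USER` and the account name `svc_example` are placeholders; the ASDM field labels are written from memory and may differ between ASDM versions.

```text
! Constructed example. BLOCK-TERMINATED-USER and svc_example are placeholders.
!
! 1. Selection criterion. AAA attribute matches are configured through ASDM
!    and stored in dap.xml on the ASA; they are not entered at the CLI.
!      AAA Attribute Type: LDAP
!      Attribute ID:       sAMAccountName
!      Value:              = svc_example
!    Equivalent expression for the record's Advanced (Lua) field:
!      EVAL(aaa.ldap.sAMAccountName, "EQ", "svc_example", "string")
!
! 2. The record's action as it appears in the running configuration.
dynamic-access-policy-record BLOCK-TERMINATED-USER
 description Deny VPN for one AD account that must stay enabled
 user-message "VPN access for this account has been disabled."
 action terminate
 priority 10
!
! 3. The default record stays on "continue", so users who match no other
!    record authenticate and are authorized as before. No new group-policy
!    is needed and existing users are not affected.
dynamic-access-policy-record DfltAccessPolicy
 action continue
```

If the ASA reaches AD through RADIUS rather than LDAP, no `sAMAccountName` attribute is returned; in that case match on the login name the user typed (`aaa.cisco.username`) instead.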

New Member

Re: How do I block a user from VPN'ing in while AD is used for a

great!...thx!
