https://community.cisco.com/t5/network-access-control/restrict-access-to-per-user-per-virtual-machine/m-p/3921059#M457221 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/834477">pradeep.r6@tcs.com</a>&nbsp;</P> <P>&nbsp;</P> <P>If this is a VMWare environment then you would be better off granting individual user rights (RBAC) to that user. You can lock down the VM and countless menu options to constrain the user to a VM and its inner workings.&nbsp; This is not a job for RADIUS or TACACS+</P> <P>&nbsp;</P> <P>As for the VPN access, that could involve RADIUS - but it would not necessarily provide the ability to restrict a user to one machine.</P> <P>&nbsp;</P> <P>Having said that, if you can explain your scenario in more detail, then we might be able to be more precise.</P> <P>&nbsp;</P> <P>regards</P> <P>Arne</P> Mon, 09 Sep 2019 10:45:09 GMT Arne Bier 2019-09-09T10:45:09Z https://community.cisco.com/t5/network-access-control/restrict-access-to-per-user-per-virtual-machine/m-p/3920986#M457216 <P>Dear members,</P><P>&nbsp;</P><P>I would like to know if there is any way to create a policy in ISE to provide access to remote virtual machine for a user. I do not want anyone else accessing the remote virtual machine.</P><P>&nbsp;</P><P>Requirement:</P><P>&nbsp; &nbsp; &nbsp;User will be connected through VPN and will take remote virtual machine to access the network. I want to create policy to authenticate specific user to a specific virtual machine. Is it possible? Can anyone help me with this?</P> Mon, 09 Sep 2019 07:52:20 GMT https://community.cisco.com/t5/network-access-control/restrict-access-to-per-user-per-virtual-machine/m-p/3920986#M457216 pradeep.r6@tcs.com 2019-09-09T07:52:20Z https://community.cisco.com/t5/network-access-control/restrict-access-to-per-user-per-virtual-machine/m-p/3921059#M457221 <P>Hi&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/834477">pradeep.r6@tcs.com</a>&nbsp;</P> <P>&nbsp;</P> <P>If this is a VMWare environment then you would be better off granting individual user rights (RBAC) to that user. You can lock down the VM and countless menu options to constrain the user to a VM and its inner workings.&nbsp; This is not a job for RADIUS or TACACS+</P> <P>&nbsp;</P> <P>As for the VPN access, that could involve RADIUS - but it would not necessarily provide the ability to restrict a user to one machine.</P> <P>&nbsp;</P> <P>Having said that, if you can explain your scenario in more detail, then we might be able to be more precise.</P> <P>&nbsp;</P> <P>regards</P> <P>Arne</P> Mon, 09 Sep 2019 10:45:09 GMT https://community.cisco.com/t5/network-access-control/restrict-access-to-per-user-per-virtual-machine/m-p/3921059#M457221 Arne Bier 2019-09-09T10:45:09Z https://community.cisco.com/t5/network-access-control/restrict-access-to-per-user-per-virtual-machine/m-p/3921084#M457231 <P>You can make use of scalable group tags (SGTs). these VMs or server group access&nbsp; with user groups will be defined in the trustsec policy matrix in ISE . you can find many documents online describing this approach.&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-24/213616-how-to-configure-cisco-trustsec-sgts-u.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-24/213616-how-to-configure-cisco-trustsec-sgts-u.html</A></P> Mon, 09 Sep 2019 11:34:31 GMT https://community.cisco.com/t5/network-access-control/restrict-access-to-per-user-per-virtual-machine/m-p/3921084#M457231 Nidhi 2019-09-09T11:34:31Z