topic Security for one specific user in Network Security https://community.cisco.com/t5/network-security/security-for-one-specific-user/m-p/2091613#M392537 <P>Hello,</P><P></P><P>We have an ASA 5510 version 8.3 (2) that we accept VPN users via a radius server. Is there a way to lock down a specific user that connects to the ASA as a SSL client or IPSEC VPN user? If the specific user were to connect to the ASA, we would want the user to have minimal to not access to our system. Any help would be greatly appreciated.</P><P></P><P>Thanks</P> Tue, 12 Mar 2019 00:49:25 GMT thomas.green 2019-03-12T00:49:25Z Security for one specific user https://community.cisco.com/t5/network-security/security-for-one-specific-user/m-p/2091613#M392537 <P>Hello,</P><P></P><P>We have an ASA 5510 version 8.3 (2) that we accept VPN users via a radius server. Is there a way to lock down a specific user that connects to the ASA as a SSL client or IPSEC VPN user? If the specific user were to connect to the ASA, we would want the user to have minimal to not access to our system. Any help would be greatly appreciated.</P><P></P><P>Thanks</P> Tue, 12 Mar 2019 00:49:25 GMT https://community.cisco.com/t5/network-security/security-for-one-specific-user/m-p/2091613#M392537 thomas.green 2019-03-12T00:49:25Z Re: Security for one specific user https://community.cisco.com/t5/network-security/security-for-one-specific-user/m-p/2091614#M392538 <HTML><HEAD></HEAD><BODY><P>Hi Thomas,</P><P></P><P>Yes, there are many options.</P><P>Basically ASA accept radius attributes returned for user (during user authentication)</P><P>You can return attribute:</P><P>IPsec-Split-Tunnel-List with the name of ACL on ASA which will be applied for that user (decides which traffic goes thru the tunnel, which not)</P><P></P><P>You can also use Radius IETF 25 Class attribute and set it to specific group policy name.</P><P>In that group policy on ASA you might want to have for example:</P><P>simultaneuous logins = 0</P><P></P><P>More:</P><P><A href="http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/uz.html#wp1664777" rel="nofollow">http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/uz.html#wp1664777</A></P><P><A href="http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ref_extserver.html" rel="nofollow">http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ref_extserver.html</A></P><P></P><P>---</P><P>Michal</P></BODY></HTML> Sun, 20 Jan 2013 07:05:42 GMT https://community.cisco.com/t5/network-security/security-for-one-specific-user/m-p/2091614#M392538 Michal Garcarz 2013-01-20T07:05:42Z