
AAA local user management VPN.

ilukeberry
Level 1

Hi

I'm a bit new to Cisco and I find this AAA a bit confusing...

I've turned on AAA by:

aaa new-model

and it created me:

aaa authentication login default local

Can I use this "default" list for WebVPN? And what would be different if I create a new "sslvpn" list...

Also, when I create a user for VPN remote access, will that user also exist in the local database and have access to the router via SSH?

Because from the research I've done, it doesn't seem you can group users in different "aaa groups", e.g. user admin belongs under the "admin" aaa group, which can SSH to the router, while users for VPN can only do remote VPN access and not SSH and log in to the router...

I saw the ASA has some attribute for users called remote-user:

admin, in which users are allowed access to the configuration mode. This option also allows a user to connect via remote access.

nas-prompt, in which users are allowed access to the EXEC mode.

remote-access, in which users are allowed access to the network.

But I can't find this option in IOS on my 1900 Series ISR router.


Tarik Admani
VIP Alumni

Luka,

The ASA and the IOS WebVPN are a little different; here is a guide that will point you in the right direction:

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_sslvpn/configuration/15-2mt/sec-conn-sslvpn-ssl-vpn.html#GUID-8A423FE8-F5CD-438D-9FE5-DE6E2E05F813

Thanks,

Tarik Admani
*Please rate helpful posts*