12-23-2008 10:07 AM - edited 03-10-2019 04:15 PM
Hi, sorry for this subject as there are many similar threads but not identical. Having a little trouble getting this to work even after searching all the related threads exhaustively.
I have an IOS router for VPN client access. Authentication and group authorisation for users are done on ACS. This works well, but has the consequence of users being able to log in to the router with telnet/SSH. I know I could create ACLs so that only certain mgmt IP addresses may connect, but would prefer to control telnet/SSH access through ACS.
ACS 4.1 is used for VPN and Telnet/SSH access.
How do I configure the NAR in order to give users VPN access to router while disallowing telnet/SSH?
Thanks!
12-23-2008 12:15 PM
Use only IP-based NAR. That controls only IP-based connections such as SSH and telnet. It won't impact the VPN connection.
Regards,
~JG
Do rate helpful posts
12-27-2008 09:42 PM
Hi,
Thanks for the reply, but it still doesn't work.
I have two groups: admin (no restrictions) & vpnusers
In my vpnusers group, I created an IP-based NAR to restrict (r1841 * *) all to my router.
SSH/Telnet access is effectively denied for users in the vpnusers group, but I can't connect to that same router with the VPN client with the same user.
Thanks again for your help!