07-28-2013 09:03 AM - edited 03-10-2019 08:41 PM
Good day
I have an ASA 5520, ios 8.4(5).
I configured IPsec remote access and authentication with TACACS for a user (rvpn).
TACACS was configured on FreeBSD tac_plus.
The same TACACS server handles authentication for management access for users (admin and cisco).
Everything works, but I can connect over VPN with all users, which is not good for me.
How can I allow VPN connections for some users and deny them for others?
All users are on the same TACACS server.
Thanks
07-28-2013 09:16 AM
It might be a little bit difficult for TACACS, since it has limited info sent by the NAS, and the policy is set on your server, not on the ASA. The server is not going to know which request is for VPN auth and which is for device auth...
Better to set up another server, or use RADIUS.
Sent from Cisco Technical Support iPad App
07-28-2013 02:22 PM
I agree with Shaogin. You need to set up a RADIUS server to use the Group-lock feature. If you would like to accomplish the same with the local database, check here
~BR
Jatin Katyal
**Do rate helpful posts**
07-29-2013 05:59 AM
Thank you, guys.
I will think about it.