Network Access Control

I am looking for assistance in combining dial services between 2 network providers specifically with domain stripping. We have a local network provider who is using our dial facilities to resell to their clients. Their clients will dial into our NAS ...

I want to restrict access to a group of IPs in my network for certain users dialing in through my NAS. I have read the http://www.cisco.com/warp/public/480/tacacs_ACL1.html and it is exactly what I want to do. I'd like to create ACLs on the ACS Serve...

Hi,I'm using ACS 3.1 with an access server and RADIUS. We maintain two user databases: one i n ACS and one in Novell eDirectory. We want to deal only with one databse in the future, the Novell eDirectory one. I can set up the ACS box to work with t...

Hello,I have a scenario were we have two groups in the VPN 3005, group1 and group2. I also have two users, user1 and user2 who are authenticated in AD via the ACS. What I want to accomplish is to tie user1 with group1 and user2 with group2. For examl...

does anyone have met this kind of this problem? i did see the groups listed in NT group mapping page before, however, i would like to add one more ACS group to using NT group today, and there is no groups listed. it is wierd. What is the cause? a...

I have a basic AAA question...Is it possible with RADIUS to restrict access to certain resources for specific users. In other words how do I configure an access list on the RADIUS that can be applied to users dialling into the network.Can these work...

Hi,I want to configure virtual-profiles on my cisco secure server unix 2.3.6(1) but I have problems if I want to configure more than one parameter.# ./ViewProfile -u testUser Profile Informationuser = test{password = chap "********"service=ppp {proto...

Hi,I am tring to setup VPN connection with:. Cisco VPN Concentrator. Microsoft Windows 2000 VPN client. NT authenticationI got the following log messages:"273 02/03/2003 14:28:59.950 SEV=5 PPP/8 RPT=79 192.168.100.13 User [xxx\yyy]Authenticated succe...

Hello all i have just located that my Cisco ubr7246 CMTS is generating multiple STOP records which shows up in my radius log file , we are using interlink AAA on solaris. bcoz of this multiple STOP records the customers are getting billed multiple...

I want to restrict some users to "show running-config" command. I have created a Shell Command Authorization Set with "show" command "permit running-config". Under the TACACS+ setting the Shell (exec) is selected and Privilege level with a value of ...

I'm trying to config a 12.0(5.1)XP 2900XL IOS switch to automatically go into enable mode once authenticated, without having to enter "enable." I'm running ACS3.1. Her is the AAA config:aaa new-modelaaa authentication login default group tacacs+ loc...

What I want to accomplish, is to use RADIUS to authenticate users to the Inernet. I don't want all users to access the Internet, only a portion of them. I'm using a Pix 515 with 6.2 software. I have RADIUS installed on our NT 4.0 PDC. What I ne...

I want so setup a hub and spoke ipsec tunnel topology with a redundant hub (hsrp based). I wonder how to implement certificate based authentication in this case as both router share the same ip address? Do they need to have the same keys and certific...

Hello Guy,i am running a Cisco secure ACS v3.0 and wannt all 7000 User on the group default Groupcann some one tell me how to do it ? the only possibilty i see ist manualy deleting usersThanks for any helpAlain

Is it possible to authenticate outgoing HTTP connections through a router with Cisco ACS as is done with the PIX?Thank you.