I want to define a user/group that has the ability to connect to a VPN, but not via the CLI or any other method.
Currently my VPN users can also log in via the CLI on my routers. They don't have enable access of course, but I would like to prevent them from being able to get on at all if possible.
Right now I am using a "default service = permit." The only other definitions are "ppp protocol" and "default service =
deny" that I can find.
Thanks,
Aaron