Cisco Community
English
Register
ANNOUNCEMENT - Upcoming Changes in the email address of Community email notifications - LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

380
Views
0
Helpful
1
Replies
Highlighted
Charles_Chi4
Beginner
Beginner
‎11-14-2009 12:05 AM
‎11-14-2009 12:05 AM

How to restrict user in vpn remote access using external database in acs4.2

Hi,

I've got ACS 4.2 windows installed in domain member server n run well. I can authenticate using users in AD. I use this ACS for authenticating user for routers & switches access, VPN access and wireless access.

The question is how could i restrict certain person for VPN acess and routers / switches access? But allowed all users in AD for wireless access?

Labels:
0 Helpful
Reply
1 REPLY 1
Highlighted
Jagdeep Gambhir
Advocate
Advocate
‎11-14-2009 07:27 AM
‎11-14-2009 07:27 AM

Re: How to restrict user in vpn remote access using external dat

Charles,

You need to set up NARs to control the device access on the group membership basis.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_tech_note09186a0080858d3c.shtml

Now since we are using windows AD, we need to map AD group with specific ACS group.

Example

Wireless Group ACS <----> Wireless group AD

NAR would be configured on ACS wireless group.

Regards,

~JG

Do rate helpful posts.

0 Helpful
Reply
Latest Contents
What information is shared when I log into SecureX with Micr...
Created by diddly on 07-03-2020 04:05 PM
0
0
0
0
Question When I log into SecureX, I'm given an option to Sign in with MIcrosoft. What information is shared from my profile with Cisco? Answer 1. If you signed in with your work email, the information shared from your profile is controlled by your or... view more
Using Stealthwatch to Monitor IOT devices for exploitation, ...
Created by pejohns2 on 07-02-2020 09:08 AM
0
0
0
0
Stealthwatch Enterprise can be leveraged to monitor vulnerable devices, and alert on potential exploitation by bad actors looking to exploit Ripple20 and other potential vulnerabilities. Note that the concepts and procedures outlined here can be used for... view more
Using Stealthwatch to monitor and alert on suspicious/out-of...
Created by pejohns2 on 07-02-2020 06:23 AM
0
0
0
0
The following is useful to those entities interested in monitoring appropriate usage of Cisco WebEx resources within their environments, as well as those interested in tracking additional metrics around usage of the WebEx service. The relevant supporting... view more
Activated the SecureX ribbon with the wrong account in AMP, ...
Created by diddly on 07-01-2020 05:15 PM
0
0
0
0
Question I'm using AMP, and when I activated the SecureX Ribbon, I mistakenly used the wrong account to connect to SecureX. Now my SecureX Ribbon is connected to the wrong account. How do I fix it? Answer You can clear the SecureX Authorizatio... view more
Activated the SecureX ribbon with the wrong login account in...
Created by diddly on 07-01-2020 11:00 AM
0
0
0
0
Question I'm using Umbrella, and when I activated the Ribbon, I mistakenly used the wrong account to connect to SecureX. Now my SecureX Ribbon is connected to the wrong account. How do I fix it? Answer You can clear the SecureX Authorization for t... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Cisco Community April 2020 Spotlight Award Winners

Follow our Social Media Channels