Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

395
Views
0
Helpful
1
Replies
Charles_Chi4
Beginner
Beginner
‎11-14-2009 12:05 AM
‎11-14-2009 12:05 AM

How to restrict user in vpn remote access using external database in acs4.2

Hi,

I've got ACS 4.2 windows installed in domain member server n run well. I can authenticate using users in AD. I use this ACS for authenticating user for routers & switches access, VPN access and wireless access.

The question is how could i restrict certain person for VPN acess and routers / switches access? But allowed all users in AD for wireless access?

Labels:
0 Helpful
1 REPLY 1
Jagdeep Gambhir
Advocate
Advocate
‎11-14-2009 07:27 AM
‎11-14-2009 07:27 AM

Charles,

You need to set up NARs to control the device access on the group membership basis.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_tech_note09186a0080858d3c.shtml

Now since we are using windows AD, we need to map AD group with specific ACS group.

Example

Wireless Group ACS <----> Wireless group AD

NAR would be configured on ACS wireless group.

Regards,

~JG

Do rate helpful posts.

0 Helpful
Latest Contents
FMC API | ACP - Delete disabled rules and generate report.
Created by Anupam Pavithran on 05-06-2021 06:48 AM
0
0
0
0
A python based script to generate report if there are disabled rules under an Access Control Policy and an option to delete those rules in bulk.   Preparation Step 1 Download the script on PCStep 2 Make sure python3 is installed on PC and have reach... view more
FMC API | ACP Double logging detection and mitigation script
Created by Anupam Pavithran on 05-06-2021 06:09 AM
0
0
0
0
A python based script to generate report if there are double logging on FMC ACP (logging at beginning and end), having rule action "Allow" or "Trust". (Option1 ) Also, the logging at the begging will be disabled if logging is detected for both beginning ... view more
CCIE Security in a Remote and Cloud Driven Network: SASE and...
Created by ciscomoderator on 04-30-2021 08:00 AM
1
5
1
5
Meet the Authors Slides - CCIE Security in a Remote and Cloud Driven Network: SASE and Beyond (Live event – Thursday, 29th, 2021 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 7:00 p.m. Paris) This event had place on Thursday 29th, April 2021 at 10hrs P... view more
CCIE Security in a Remote and Cloud Driven Network: SASE and...
Created by ciscomoderator on 04-30-2021 07:55 AM
3
5
3
5
Meet the Authors Video - CCIE Security in a Remote and Cloud Driven Network: SASE and Beyond (Live event – Thursday, 29th, 2021 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 7:00 p.m. Paris) This event had place on Thursday 29th, April 2021 at 10hrs P... view more
Cisco Endpoint Security Ask the Experts Resources
Created by vivichia on 04-27-2021 08:41 PM
0
5
0
5
Thanks for attending our Ask the Experts (ATXs) session! Here’s the post-session resources for easy reference. New to ATXs? An ATXs session, offered at no cost, is an hour of real-time learning led by Cisco experts, who will answer your technology questi... view more
Content for Community-Ad