How to restrict user in VPN remote access using external database in ACS 4.2

Hi,

I've got ACS 4.2 for Windows installed on a domain member server and it runs well. I can authenticate using users in AD. I use this ACS for authenticating users for router and switch access, VPN access and wireless access.

The question is: how could I restrict certain persons for VPN access and router/switch access, but allow all users in AD for wireless access?


Re: How to restrict user in vpn remote access using external dat

Charles,

You need to set up NARs to control device access on a group membership basis.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_tech_note09186a0080858d3c.shtml

Now, since we are using Windows AD, we need to map each AD group to a specific ACS group.

Example

Wireless Group ACS <----> Wireless group AD

The NAR would be configured on the ACS wireless group.

Regards,

~JG

Do rate helpful posts.