Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
440
Views
0
Helpful
1
Replies

locking down users access

Tim Glen
Cisco Employee
Cisco Employee

‎02-13-2009 08:48 PM - edited ‎03-10-2019 04:20 PM

Hi

I'm using Windows 2003 IAS to do authentication for my ASA ver 8.0.4.

On the ASA I use group policy's and vpn-filter along with access-lists to control the access that IPSEC VPN users have. The access-list allows access to a common pool of servers that all need access to and deny's access to the rest of the network.

I have a bunch of users that when on the VPN they need RDP access to their PC. Up to this point I have been just adding a new permit line to the access-list that's attached to vpn-filter. This has worked however it also allows UserA access to UserB and UserC's PC. This is quickly growing into swiss cheese with all the holes.

I'm looking for a way to give access to UserA to her PC but not UserB and UserC's PC and also allow all users access to the common server pool.

Any ideas ? Thanks Much!

Labels:
0 Helpful
1 Reply 1

Ivan Martinon
Level 7
Level 7

‎02-16-2009 07:24 AM

You might want to take a look at Dynamic Access Policies, it allows you to make control more granular based on network lists:

https://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml

0 Helpful
Customers Also Viewed These Support Documents