
Restrict access to per user per virtual machine

Dear members,

I would like to know if there is any way to create a policy in ISE to provide access to a remote virtual machine for a user. I do not want anyone else accessing the remote virtual machine.

Requirement:

The user will be connected through VPN and will take a remote virtual machine to access the network. I want to create a policy to authenticate a specific user to a specific virtual machine. Is it possible? Can anyone help me with this?

2 Replies

Arne Bier
VIP

Hi pradeep.r6@tcs.com

If this is a VMware environment then you would be better off granting individual user rights (RBAC) to that user. You can lock down the VM and countless menu options to constrain the user to a VM and its inner workings. This is not a job for RADIUS or TACACS+.

As for the VPN access, that could involve RADIUS - but it would not necessarily provide the ability to restrict a user to one machine.

Having said that, if you can explain your scenario in more detail, then we might be able to be more precise.

regards

Arne

Nidhi
Cisco Employee

You can make use of scalable group tags (SGTs). These VMs or server group access with user groups will be defined in the TrustSec policy matrix in ISE. You can find many documents online describing this approach.

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-24/213616-how-to-configure-cisco-trustsec-sgts-u.html