Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
520
Views
0
Helpful
2
Replies

Restrict access to per user per virtual machine

pradeep.r6@tcs.com
Level 1
Level 1

‎09-09-2019 12:52 AM

Dear members,

 

I would like to know if there is any way to create a policy in ISE to provide access to remote virtual machine for a user. I do not want anyone else accessing the remote virtual machine.

 

Requirement:

     User will be connected through VPN and will take remote virtual machine to access the network. I want to create policy to authenticate specific user to a specific virtual machine. Is it possible? Can anyone help me with this?

0 Helpful
2 Replies 2

Arne Bier
VIP
VIP

‎09-09-2019 03:45 AM

Hi pradeep.r6@tcs.com 

 

If this is a VMWare environment then you would be better off granting individual user rights (RBAC) to that user. You can lock down the VM and countless menu options to constrain the user to a VM and its inner workings.  This is not a job for RADIUS or TACACS+

 

As for the VPN access, that could involve RADIUS - but it would not necessarily provide the ability to restrict a user to one machine.

 

Having said that, if you can explain your scenario in more detail, then we might be able to be more precise.

 

regards

Arne

0 Helpful

Nidhi
Cisco Employee
Cisco Employee

‎09-09-2019 04:34 AM

You can make use of scalable group tags (SGTs). these VMs or server group access  with user groups will be defined in the trustsec policy matrix in ISE . you can find many documents online describing this approach. 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-24/213616-how-to-configure-cisco-trustsec-sgts-u.html

0 Helpful
Customers Also Viewed These Support Documents