09-09-2019 12:52 AM
Dear members,
I would like to know if there is any way to create a policy in ISE to provide access to a remote virtual machine for a user. I do not want anyone else accessing the remote virtual machine.
Requirement:
The user will be connected through VPN and will take a remote virtual machine to access the network. I want to create a policy to authenticate a specific user to a specific virtual machine. Is it possible? Can anyone help me with this?
09-09-2019 03:45 AM
If this is a VMware environment then you would be better off granting individual user rights (RBAC) to that user. You can lock down the VM and countless menu options to constrain the user to a VM and its inner workings. This is not a job for RADIUS or TACACS+.
As for the VPN access, that could involve RADIUS - but it would not necessarily provide the ability to restrict a user to one machine.
Having said that, if you can explain your scenario in more detail, then we might be able to be more precise.
Regards
Arne
09-09-2019 04:34 AM
You can make use of scalable group tags (SGTs). These VMs or server group access with user groups will be defined in the TrustSec policy matrix in ISE. You can find many documents online describing this approach.