local user account only for remote vpn access

John Peterson
Level 1

Hi,

I would like to create an additional user vpn on a 55010 where the user authenticates with the firewall and not the RADIUS server.

This user should NOT be able to log on to the firewall, but only be able to authenticate with the VPN client.

Am I correct that the command is "username abc123 password abc234 privilege 0"?

Also, for this remote VPN, how do I make sure the user only authenticates with this password?

Thanks

Accepted Solution

Hi John,

You can do it by modifying the username attributes. Here is the example:

hostname(config)# username anyuser attributes

hostname(config-username)# group-lock {value tunnel-grp-name | none}

To remove:

hostname(config-username)# no group-lock


Thanks

Ajay
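
An added example, not part of the original thread and not Cisco code: a Python check that reads saved ASA running-config text and reports privilege-0 local users that are not pinned to the intended tunnel group with group-lock. The sample config, the user names and the tunnel-group name RA-VPN are constructed; the `service-type remote-access` username attribute is not mentioned in the thread and is checked here as an assumption about how a VPN-only account is normally expressed on the ASA.

```python
# Constructed sample of ASA running-config lines (not taken from the thread).
SAMPLE_CONFIG = """\
username admin password <hash-placeholder> encrypted privilege 15
username vpnuser1 password <hash-placeholder> encrypted privilege 0
username vpnuser1 attributes
 service-type remote-access
 group-lock value RA-VPN
username vpnuser2 password <hash-placeholder> encrypted privilege 0
username vpnuser2 attributes
 vpn-idle-timeout 30
tunnel-group RA-VPN type remote-access
"""


def parse_local_users(config_text):
    """Return {name: {"privilege", "group_lock", "service_type"}} for local users."""
    users, current = {}, None
    for line in config_text.splitlines():
        words = line.split()
        if not words:
            continue
        if line.startswith(" "):
            # Indented line: sub-command of the open "username X attributes" block.
            if current and words[:2] == ["group-lock", "value"] and len(words) == 3:
                users[current]["group_lock"] = words[2]
            elif current and words[0] == "service-type" and len(words) == 2:
                users[current]["service_type"] = words[1]
            continue
        current = None
        if words[0] != "username" or len(words) < 3:
            continue
        user = users.setdefault(
            words[1], {"privilege": None, "group_lock": None, "service_type": None})
        if words[2] == "attributes":
            current = words[1]
        elif "privilege" in words[2:-1]:
            user["privilege"] = int(words[words.index("privilege", 2) + 1])
    return users


def audit_vpn_users(config_text, tunnel_group):
    """Map each privilege-0 user to the restrictions it is missing."""
    findings = {}
    for name, user in parse_local_users(config_text).items():
        if user["privilege"] != 0:
            continue  # only accounts intended as VPN-only are audited
        problems = []
        if user["group_lock"] != tunnel_group:
            problems.append("no group-lock to " + tunnel_group)
        if user["service_type"] != "remote-access":
            problems.append("service-type is not remote-access")
        if problems:
            findings[name] = problems
    return findings
```

Calling `audit_vpn_users(SAMPLE_CONFIG, "RA-VPN")` on the constructed sample flags only `vpnuser2`, which has an attributes block but neither restriction.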


3 Replies

Julio Carvajal
VIP Alumni

Hello John,

That is correct, with the privilege 0 you will restrict that username to only access via remote access.

Each user can have their own unique password.

Rate posts that help.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thanks,

In the group policy of the CLI, how can I only allow this username to authenticate with this group policy (tunnel group)?
