Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
664
Views
0
Helpful
1
Replies

Security for one specific user

thomas.green
Level 1
Level 1

‎01-19-2013 07:14 PM - edited ‎03-11-2019 05:49 PM

Hello,

We have an ASA 5510 version 8.3 (2) that we accept VPN users via a radius server. Is there a way to lock down a specific user that connects to the ASA as a SSL client or IPSEC VPN user? If the specific user were to connect to the ASA, we would want the user to have minimal to not access to our system. Any help would be greatly appreciated.

Thanks

Labels:
0 Helpful
1 Reply 1

Michal Garcarz
Cisco Employee
Cisco Employee

‎01-19-2013 11:05 PM

Hi Thomas,

Yes, there are many options.

Basically ASA accept radius attributes returned for user (during user authentication)

You can return attribute:

IPsec-Split-Tunnel-List with the name of ACL on ASA which will be applied for that user (decides which traffic goes thru the tunnel, which not)

You can also use Radius IETF 25 Class attribute and set it to specific group policy name.

In that group policy on ASA you might want to have for example:

simultaneuous logins = 0

More:

http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/uz.html#wp1664777

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ref_extserver.html

---

Michal

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card