Security for one specific user
01-19-2013 07:14 PM - edited 03-11-2019 05:49 PM
Hello,
We have an ASA 5510 running version 8.3(2) that accepts VPN users via a RADIUS server. Is there a way to lock down a specific user that connects to the ASA as an SSL client or IPsec VPN user? If that specific user were to connect to the ASA, we would want the user to have minimal to no access to our system. Any help would be greatly appreciated.
Thanks
Labels: NGFW Firewalls
01-19-2013 11:05 PM
Hi Thomas,
Yes, there are many options.
Basically, the ASA accepts RADIUS attributes returned for the user (during user authentication).
You can return the attribute:
IPsec-Split-Tunnel-List with the name of an ACL on the ASA which will be applied for that user (it decides which traffic goes through the tunnel and which does not).
You can also use the RADIUS IETF 25 Class attribute and set it to a specific group policy name.
In that group policy on the ASA you might want to have, for example:
simultaneous logins = 0
More:
http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/uz.html#wp1664777
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ref_extserver.html
---
Michal
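An added example of how the two pieces Michal describes fit together on the ASA side; it is not configuration from either post. The group-policy name RESTRICTED, the ACL name RESTRICTED-VPN-FILTER, the tunnel-group ANYCONNECT-USERS, the server group RADIUS-SERVERS and the default policy NORMAL-USERS are all assumed names.

```cisco
! Added example, not from the original thread. All object names are assumed.
!
! 1. An ACL that permits nothing. Applied as a vpn-filter it drops every packet
!    the user sends through the tunnel, for the SSL client and IPsec alike.
access-list RESTRICTED-VPN-FILTER extended deny ip any any
!
! 2. A locally defined group policy that the RADIUS server steers the user into.
!    vpn-simultaneous-logins 0 refuses the session outright; the vpn-filter is a
!    second layer in case the login count is ever raised for this policy.
group-policy RESTRICTED internal
group-policy RESTRICTED attributes
 vpn-simultaneous-logins 0
 vpn-filter value RESTRICTED-VPN-FILTER
!
! 3. The tunnel group keeps authenticating against RADIUS as before. For the
!    locked-down user the server returns IETF attribute 25 (Class) with the
!    value "OU=RESTRICTED;" and the ASA applies the policy above instead of
!    the tunnel group's default-group-policy.
tunnel-group ANYCONNECT-USERS general-attributes
 authentication-server-group RADIUS-SERVERS
 default-group-policy NORMAL-USERS
```

The Class value must be formatted exactly as `OU=<group-policy-name>;` (including the trailing semicolon) for the ASA to map it to the group policy; running `debug radius` during a test login shows whether the attribute is actually being returned.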
