Re: define spez. NAS Access

wgutschner · ‎07-24-2002

Is it possible with Cisco ACS, to allow a User access only if the user comes from a spez. NAS. I would like to define a Group and if the user is a member of this group he only gets access if he comes from this spez. NAS. For example i have a VPN-Group (VPN-NAS) and a RAS-Group (RAS-NAS), and a user in the VPN-Group should not be able to dial into the RAS-NAS.

thank you!!

yusuff · ‎07-24-2002

Yes, you can configure NAS restrictions on a per user or group basis.

NAS restrictions on a user-level

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt26/usergd26/ch3.htm#xtocid289908

NAS restrictions on a group-level

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/csnt26/usergd26/ch3.htm#xtocid2899035

HTH

R/Yusuf

wgutschner · ‎07-25-2002

Thank you for the Information but i tried this allready and it doesn't work. For the vpn-group i made a "Denied Calling/Point of Access Locations" for the RAS-Server ( Port=* and IP-Adress=* ) but vpn-user can still dial in to the RAS-Server ?!

Is there a problem with radius authentication?

Thank you, Walter

wgutschner · ‎07-25-2002

Thank you for the Information but i tried this allready and it doesn't work. For the vpn-group i made a "Denied Calling/Point of Access Locations" for the RAS-Server ( Port=* and IP-Adress=* ) but vpn-user can still dial in to the RAS-Server ?!

Is there a problem with radius authentication?

Thank you, Walter