VPN groups

laptev.valery
Level 1

I am running asa804-k8.bin on ASA 5520.

License is: VPN Plus

We use VPN with the Cisco VPN client.

For user authentication I am using a TACACS server.

For example:

vpn 1:

ASA:

VPN Group: Group_A

PSK: Very_Secret_A

Authentication server group: Group_A

Server: Tacacs

Tacacs:

group of users: Group_A

User: user1

Password: Password2

vpn 2:

ASA:

VPN Group: Group_B

PSK: Very_Secret_B

Authentication server group: Group_B

Server: Tacacs

Tacacs:

group of users: Group_B

User: user2

Password: Password2

----------------------------------------------------

The problem is: if User1 knows the PSK of Group2, he can successfully use VPN2. Same for user1.

Is there any option to disable user1 for Group_B?

1 Reply

jan.nielsen
Level 7

There is a feature called group lock which does what you want. Look for the option called Class/25; in there you put OU=; without the brackets, and the ASA will only allow that user to log in to that specific group policy. However, I don't know if it works with TACACS, as it is normally sent as RADIUS attributes.
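
The group lock described in the reply above, as an added ASA configuration sketch that is not part of the original thread. It assumes authentication is moved to a RADIUS server group, since the reply notes the attribute is normally delivered over RADIUS; GP_A, GP_B, RADIUS_SRV, the interface name, the server address and the key are constructed placeholders.

```cisco
! Constructed example. Group_A / Group_B and the PSK labels come from the
! question; GP_A, GP_B, RADIUS_SRV, "inside", 192.0.2.10 and the key are
! placeholders chosen for illustration.
aaa-server RADIUS_SRV protocol radius
aaa-server RADIUS_SRV (inside) host 192.0.2.10
 key <radius-shared-secret>
!
! One group policy per VPN group, each locked to its own tunnel group.
group-policy GP_A internal
group-policy GP_A attributes
 group-lock value Group_A
group-policy GP_B internal
group-policy GP_B attributes
 group-lock value Group_B
!
tunnel-group Group_A type remote-access
tunnel-group Group_A general-attributes
 authentication-server-group RADIUS_SRV
 default-group-policy GP_A
tunnel-group Group_A ipsec-attributes
 pre-shared-key Very_Secret_A
!
tunnel-group Group_B type remote-access
tunnel-group Group_B general-attributes
 authentication-server-group RADIUS_SRV
 default-group-policy GP_B
tunnel-group Group_B ipsec-attributes
 pre-shared-key Very_Secret_B
!
! On the RADIUS server, each user profile returns IETF attribute 25 (Class)
! naming that user's group policy:
!   user1 -> Class = "OU=GP_A;"
!   user2 -> Class = "OU=GP_B;"
!
! Result: user1 connecting with the Group_B name and PSK authenticates,
! is assigned GP_A by the Class attribute, and is refused because GP_A's
! group-lock names Group_A, not the tunnel group the session arrived on.
```

The per-user Class value is what enforces the separation; the `default-group-policy` lines only cover users for whom the server returns no Class attribute, so each user profile on the server needs one.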