
ACS shell profile to only allow VPN authentication from TACACS+

jamescox3
Level 1

I'm currently rebuilding all of my VPN profiles after it was found that we were using TACACS+ for authentication to the VPNs, which would also allow users to SSH into all of the network infrastructure. The new profiles will be RADIUS-based and will take some time to get to the users.

In the meantime I'm looking to create a new shell profile for the VPN users that will only allow them to authenticate to the VPN and not gain access to the CLI of the infrastructure.

 

Thanks

3 Replies

Hi,

Did you find any solution for this?

 

I am also stuck on the same issue...

I haven't found one yet. I think if I set up a service selection rule it should work, but I haven't found anything formal to confirm yet.

Hi,

I tested this with Cisco ACS 5.5 with TACACS for a VPN tunnel; it doesn't work.

It gives you an error which states that the service protocol used is for device administration.

So it doesn't allow VPN authentication to work, but for RADIUS this works properly.

 

Thanks & Regards,

Nitesh