All, I happen to be a Windows SysAdmin in a small shop with a Network Team and Cisco ASA firewalls. We are using the Cisco VPN solution for remote access (the old one, not AnyConnect - my VPN client is 5.0.07.0290).
The network team likes to use RADIUS for authentication to access the Switches and Firewalls in our environment, as well as for authenticating VPN users. This was all set up long before I was here.
Recently, I was asked to move, add, and make changes to the RADIUS server. I started looking into this, and I realized that anyone that was in the VPN access security group in Active Directory was able to SSH into the firewall. Big problem.
The Network team is now asking me to create an authorization policy based on the Service-Type attribute so that VPN users cannot access or SSH into the ASA.
I don't have access to the config file, but based on the previous setup, I'd like a second opinion. Is the Service-Type attribute the proper way to configure RADIUS so that VPN users can authenticate, and admins can SSH into the server?
There is plenty on Google on setting up RADIUS for VPN, but I am missing the "RADIUS authentication for VPN and SSH access" piece.
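As an added illustration of the policy logic the question is asking about (this is not code from the poster, from NPS, or from Cisco), the toy evaluator below models a RADIUS server that walks an ordered list of network policies and returns the first match. It contrasts the original setup, where one policy keyed only on AD group membership accepts any Service-Type, with a hardened pair of policies that also match the Service-Type attribute (RFC 2865 attribute 6). The group names, NAS address, user names and the assumption that the ASA sends Service-Type Login (1) or Administrative (6) for SSH logins and Framed (2) for the legacy IPsec client are all constructed for the example; the real values should be confirmed from the RADIUS server's own request logs before writing the policy.

```python
"""Toy RADIUS authorization-policy evaluator (added example, not NPS or ASA code).

Assumption: the ASA sends Service-Type=Login (1) or Administrative (6) for
SSH/management logins and Framed (2) for the legacy IPsec VPN client. Verify
this against the RADIUS server's request log for the real deployment.
"""
from dataclasses import dataclass, field

# Standard RADIUS Service-Type values (RFC 2865, section 5.6)
SERVICE_TYPE = {1: "Login", 2: "Framed", 6: "Administrative", 7: "NAS-Prompt"}


@dataclass
class AccessRequest:
    user: str
    groups: set                 # AD group memberships (constructed sample data)
    service_type: int           # RADIUS attribute 6 as sent by the NAS
    nas_ip: str = "192.0.2.1"   # placeholder ASA address, not a real device


@dataclass
class Policy:
    name: str
    required_group: str
    service_types: set          # request Service-Type values this policy matches
    reply: dict = field(default_factory=dict)   # attributes returned on accept


def evaluate(policies, req):
    """First matching policy wins (NPS-style ordering); no match means reject."""
    for p in policies:
        if p.required_group in req.groups and req.service_type in p.service_types:
            return ("Access-Accept", p.name, dict(p.reply))
    return ("Access-Reject", None, {})


# Original (weak) setup: a single policy keyed on group only, so a VPN user
# presenting Service-Type=Login from an SSH session is accepted as well.
WEAK = [Policy("VPN users", "VPN-Access", set(SERVICE_TYPE))]

# Hardened setup: management access only for the admin group and only for
# management Service-Types; VPN access only for the VPN group and only for
# Framed. The reply Service-Type for admins is an assumed attribute.
HARDENED = [
    Policy("Firewall admins", "Net-Admins", {1, 6}, {"Service-Type": "Administrative"}),
    Policy("VPN users", "VPN-Access", {2}, {"Service-Type": "Framed"}),
]


def ssh_login_by_vpn_user(policies):
    """Constructed scenario from the question: VPN-only user opening SSH to the ASA."""
    req = AccessRequest("vpnuser", {"VPN-Access"}, service_type=1)
    return evaluate(policies, req)[0]


if __name__ == "__main__":
    print("weak policy set:    ", ssh_login_by_vpn_user(WEAK))
    print("hardened policy set:", ssh_login_by_vpn_user(HARDENED))
```

The point the evaluator makes is that group membership alone cannot distinguish a VPN logon from a management logon, because both arrive at the same RADIUS server from the same ASA; the Service-Type attribute is what tells the two apart, so each policy has to constrain it.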