hello all,
I have a new vpn setup that uses cisco integrated services router for access control by using AAA model local.
I have two vpn groups set up with the intention of having each group separated access to internal subnets.
currently almost all setup, the only problem is that a user can now enter the group name and key of the vpn that they should not have access to and use their xauth username and password to gain access. As I understand, group key is not very secure.
My question is, can I deny a user access to a vpn group since all users are on the AAA model local? How can I do that?
Thanks in advance