Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
643
Views
0
Helpful
1
Replies

isolating vpn user to one vpn group

sahad15978
Level 1
Level 1

‎09-26-2020 03:19 PM

hello all,

 

I have a new vpn setup that uses cisco integrated services router for access control by using AAA model local.

I have two vpn groups set up with the intention of having each group separated access to internal subnets.

 

currently almost all setup, the only problem is that a user can now enter the group name and key of the vpn that they should not have access to and use their xauth username and password to gain access.  As I understand, group key is not very secure.

 

 

My question is, can I deny a user access to a vpn group since all users are on the AAA model local?  How can I do that?

 

Thanks in advance

 

Labels:
0 Helpful
1 Reply 1

Francesco Molino
VIP Alumni
VIP Alumni

‎09-26-2020 09:12 PM

Hi

 

When you say vpn on ios I believe you're talking about ezvpn?

Here a documentation explaining how to filter the group the user is allowed to connect to:

https://www.cisco.com/c/en/us/support/docs/security/ios-easy-vpn/117634-configure-asa-00.html


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card