
Cisco Client VPN connection only for one user profile

kashifsethi
Level 1

Hi,

Our users are using Cisco Client VPN to connect to a remote site, and the same machine is also used by other users who don't have VPN and are not allowed to connect to the remote site.

The issue is, if a user connects to the VPN and switches user to allow other users to log in on the same machine (who don't have access to the remote site), we have seen the VPN client stay connected, and the second user also has access to the remote site using the first user's VPN profile.

Ideally I would like to achieve the below:

VPN user connects to VPN and switches user to allow other users to log on to the same machine.

1. VPN should stay connected for first user profile

2. We don't want to allow access to the remote site for the second user.

3. We don't want to disconnect the VPN after switch user or log off

Can someone please advise how we can achieve this by making any change on the client side or user profile? We don't want to make any change on the Cisco firewall.

Thanks,

Kashif

2 Replies

Bharat Negi
Level 1

Hi Kashif

As long as the VPN is connected, user1 & user2 will have access to the remote site. You can stop user2 at the IP layer.

You can surely apply a restriction to the user2 profile. I am hoping user1 is accessing some application at the remote site. The application must restrict user2 from accessing it (like it should prompt for a username/password which user2 must not have). Or even if user2 wants to telnet/ssh to any device in the remote site, the device's AAA mechanism should restrict user2.

Regards

Bharat

Thanks Bharat for your reply.

Just to clarify, both user 1 and user 2 are the same person with different profiles. The only way to access the remote side is remote desktop.

With the user 1 profile they don't have access to the internet and have access to the remote site.

With the user 2 profile they have internet access but no access to the remote side.

Also they can't access one profile's data from the second profile.

I agree with you that we can block at the IP layer, but in our case one user has two different accounts, so he can access the remote side with his user 1 account after logging in with the user 2 profile. The only way I can think of is to block remote desktop for user 2 so they can't access the remote side, and user 2 doesn't need remote desktop for any other server.

Is there any other way to block VPN at the user profile level?

Thanks,

Kashif
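
A client-side way to apply the per-profile block discussed in the posts above, added here as an example and not part of the original thread: a Windows Defender Firewall outbound rule scoped to one account with `-LocalUser`. It assumes Windows 8 / Server 2012 or later with the firewall enabled; the account name and the remote-site subnet are placeholders, and the rule blocks all traffic to that subnet (remote desktop included) rather than only the RDP port.

```powershell
# Added example. Assumptions (none of these values come from the thread):
#   - Windows 8 / Server 2012 or later, Windows Defender Firewall enabled
#   - $Account is the profile that must NOT reach the remote site (placeholder)
#   - $RemoteSubnet is the address range behind the VPN (placeholder)
# Run from an elevated PowerShell session.
$Account      = 'WORKSTATION\user2'
$RemoteSubnet = '192.0.2.0/24'
$RuleName     = "Block remote site for $Account"

# Resolve the account name to its SID; -LocalUser takes an SDDL string, not a name.
$sid  = ([System.Security.Principal.NTAccount]$Account).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
$sddl = "D:(A;;CC;;;$sid)"

# Remove any earlier copy of the rule so the script can be re-run safely.
Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

# Outbound block that matches only processes running under $Account.
# Other accounts on the same machine keep their access over the connected tunnel.
New-NetFirewallRule -DisplayName $RuleName `
    -Direction Outbound -Action Block `
    -RemoteAddress $RemoteSubnet `
    -LocalUser $sddl `
    -Profile Any | Out-Null

# Show the rule together with the user condition attached to it.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallSecurityFilter |
    Select-Object InstanceID, LocalUser
```

The rule only holds if the blocked account is not a local administrator, since an administrator can delete or disable it.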