11-04-2005 01:17 PM - edited 02-21-2020 02:05 PM
I have a Pix V7 together with a TACACS to Authenticate.
This TACACS is also authenticating two ISDN RAS concentrators.
Before I updated the pix to V7 the authentication was perfect.
Now after the update I found that users of other TACACS groups can also log in on the pix.
I tried group lock in the group policies, but it didn't change anything.
11-08-2005 03:28 AM
What kind of TACACS do you have? If you have Cisco ACS it could be done with NAR. Select the group for which you want to disable access to the pix, edit it, and in the field Network Access Restrictions (NAR) define an IP-based access restriction: select denied/calling point of access restriction and, in the list there, select your pix, and for address and port type * * (all).
HTH
11-14-2005 01:03 AM
Thank you...this helps to limit the group to a NAS.
But I have still a problem.
I have two VPN-Groups defined on the pix.
Both are using the same IP-pool.
One is allowing split tunnel, the other one not.
I want to lock users into one of those groups.
Before I updated the pix this was working fine. Now in V7 the pix group does not have to match the TACACS group anymore.
I tried to use:
group-policy SoftClient attributes
group-lock value SoftClient
But this doesn't help either.