06-25-2012 11:56 AM
Hello,
I am using 3945E Router as Easy VPN Server, with 15.1 IOS. On router I have bunch on usernames for VPN authentication, I want to restrict Router management access for them(ssh,telnet, http and so on). Is there any way to do it ?
06-25-2012 01:35 PM
Hi,
You can create access-list with allowed IPs and apply the same for VTY & http config.
hth
MS
06-26-2012 12:52 AM
Hello,
I dont like this solution. I saw one example when it was done with aaa atribute list, and it was working, but on 3945E it is not working.
Here is example :
aaa new-model
!
aaa authentication login ezvpn_users local
aaa authorization network ezvpn_users local
!
aaa attribute list ezvpn_users
attribute type service-type noopt service shell mandatory
!
username user1 password 0 superpasword
username user1 aaa attribute list ezvpn_users
!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide