cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1053
Views
5
Helpful
2
Replies

ISR Router as Easy VPN Server, local usernames restrict management access to device

ngtransge
Level 1
Level 1

Hello,

I am using 3945E Router as Easy VPN Server, with 15.1 IOS. On router I have bunch on usernames for VPN authentication, I want to restrict Router management access for them(ssh,telnet, http and so on). Is there any way to do it ?

2 Replies 2

mvsheik123
Level 7
Level 7

Hi,

You can create access-list with allowed IPs and apply the same for VTY & http config.

hth

MS

Hello,

I dont like this solution. I saw one example when it was done with aaa atribute list, and it was working, but on 3945E it is not working.

Here is example :

aaa new-model

!

aaa authentication login ezvpn_users local

aaa authorization network ezvpn_users local

!

aaa attribute list ezvpn_users

attribute type service-type noopt service shell mandatory

!

username user1 password 0 superpasword

username user1 aaa attribute list ezvpn_users

!