10-05-2012 02:09 AM
Hi
I'd like to know what the best security practices are when using the local router db for VPN users. I'll have only 3 users accessing the network via VPN.
As far as I know, local users also have access to the router via ssh/serial/telnet. Is there a way to disable this and make them VPN only?
I've checked AAA and it seems you can't attach local users to certain aaa lists.
I'm using Cisco 1900 Series ISR
10-05-2012 05:41 AM
Hi Luka,
You are correct, you could use Parser views, refer to:
The LOCAL database of any network device is useful for a small group of users, but it is always better to have an external database like AD maintaining and controlling access level like TACACS.
HTH.
Portu.
Please rate any helpful posts.
10-05-2012 07:18 AM
Could you write me an example for this scenario:
enable secret 4 g0rpmgGc.WRIwoCfStjriwwUU8l80hSfH.a65o75m0g
!
aaa new-model
!
aaa authentication login default local
aaa authentication login sslvpn local
!
aaa session-id common
!
username admin secret 4 g0rpmgGc.WRIwoCfStjriwwUU8l80hSfH.a65o75m0g
username luka secret 4 g0rpmgGc.WRIwoCfStjriwwUU8l80hSfH.a65o75m0g
Now I'd like to configure aaa so that user luka can only use VPN SSL and not log in to the router via ssh.
10-05-2012 11:16 AM
Let me check it as soon as I have a chance
10-06-2012 05:40 AM
I'd be extremely grateful if you could do that
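One way to apply the parser-view suggestion above to the posted configuration, as an added example that is not from the thread's participants or from Cisco. The view name VPN-ONLY and the bracketed secrets are placeholders, and it assumes that exec authorization from the local database is acceptable on this router and that autocommand affects only exec (SSH/telnet/console) sessions and not the SSL VPN login; confirm both on the IOS release in use.

```cisco
! Added example (constructed); VPN-ONLY and the <...> secrets are placeholders.
aaa new-model
!
aaa authentication login default local
aaa authentication login sslvpn local
! Exec authorization against the local database is what applies the
! per-user attributes (view, privilege, autocommand) at CLI login.
aaa authorization exec default local
!
! Parser views need an enable secret to exist and are created from the
! root view (exec command: enable view).
parser view VPN-ONLY
 secret <view-secret-placeholder>
 ! The only exec command this view may run is logout.
 commands exec include logout
!
! Administrator keeps full CLI access.
username admin privilege 15 secret <admin-secret-placeholder>
!
! VPN user: same local database entry still authenticates the SSL VPN
! login (list "sslvpn"), but a CLI login lands in the restricted view
! and is closed immediately by the autocommand.
username luka secret <luka-secret-placeholder>
username luka view VPN-ONLY
username luka autocommand logout
!
! Checks after applying:
!   - SSH to the router as luka: the session should close right after login.
!   - SSH as admin: "show parser view" should report the root/privileged
!     context, and the normal command set should be available.
!   - Log in to the SSL VPN as luka to confirm VPN access is unaffected.
```

Keep an administrative session open while testing, since a mistake in the exec authorization list can lock CLI logins out.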