09-18-2000 06:50 AM - edited 02-21-2020 11:14 AM
I have set up a VPN tunnel, using IPSEC, between 2 sites using the Internet as the backbone. I am using a Cisco 7200 and Cisco 3640 to form the VPN tunnel.
Questions:
1. Is it possible to restrict the number of users using this VPN tunnel to access the resources in the main site? I am currently employing NAT to do this. But is there a better solution?
2. Can I audit the users using the VPN tunnel?
Thanks in advance!
09-29-2000 01:42 PM
1. It's possible to use your AAA server to "authorize" only specific users access to the other site.
2. What type of auditing are you looking to do? You can have your AAA server do some accounting as well.
10-02-2000 07:13 AM
Could you give me a sample of how to configure authorizing and accounting?
Thanks.
11-10-2000 10:25 AM
Here are the entries for AAA that I have in my 2600 that is used as a RAS server. The last line is the one that gives me accounting entries for Start Stop and bytes transferred, etc. These entries will not work for a PIX. Does anyone have the entries necessary to do accounting through AAA on a PIX VPN solution?
aaa new-model
aaa authentication login default tacacs+ local
aaa authentication ppp default if-needed tacacs+
aaa authorization network default tacacs+
aaa accounting network default start-stop tacacs+
11-17-2000 07:19 AM
The syntax is very different on the PIX. Use the aaa accounting include command with the acctg_service option. With acctg_service you can specify the protocol/port for accounting. The default of any only runs accounting output on all TCP services. To get accounting for esp or udp and other protocols you must specify them verbatim.
11-17-2000 07:13 AM
One option you have is to restrict users via your access-list if you don't want them using tunneling. If your concern is too many users using tunneling at one time, I'd look into doing some traffic shaping and queuing with QoS. I know IOS has that capability. I haven't had to do any of that on my network, but maybe someone else here has.