Solved: VPN Creation on ISE

Shao · ‎08-12-2020

I am new on this setup.

Trying to set up a new VPN connection for a small group of users on AD. I am able to pick out the group but how can I restrict them to a group of computers that they can remote into? Is there a way that I can only include RDP in the VPN access rule?

Any documents or videos for DIY are welcome.

Thank you,

Shao

Rob Ingram · ‎08-12-2020

Hi,

You could apply a Downloadable ACL (DACL) in an ISE Authorisation rule to those users in that group that permits them access only to the server(s).

This example demostrates how to configure a DACL in ISE (you can ignore the Posture configuration).

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117693-configure-ASA-00.html

https://www.petenetlive.com/KB/Article/0001155

HTH

View solution in original post

Rob Ingram · ‎08-12-2020

Hi,

You could apply a Downloadable ACL (DACL) in an ISE Authorisation rule to those users in that group that permits them access only to the server(s).

This example demostrates how to configure a DACL in ISE (you can ignore the Posture configuration).

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/117693-configure-ASA-00.html

https://www.petenetlive.com/KB/Article/0001155

HTH

Shao · ‎08-14-2020

Thank you Rob. That is what I needed to get this small project started.