I know I can control access to a VPN using an ACL and restrict clients and protocols. Is there a way I can get it to require a user to enter a username/password and log this to syslog when they use a tunnel?
It is possible with the VPN 3002 concentrator running a minimum of 3.5 code. So, I believe this explanation for the VPN 3002 concentrator will also be helpful for you with the 1841 router.
In the VPN 3002 concentrator, under "Client Hardware parameters tab", there is an option called "Require Individual User Authentication". Check the "Require Individual User Authentication" check box to enable individual user authentication.
Individual user authentication protects the central site from access by unauthorized persons on the same LAN as the VPN 3002.
When you enable individual user authentication, each user that connects through a VPN 3002 must open a web browser and manually enter a valid username and password to access the network behind the VPN Concentrator, even though the tunnel already exists.
You cannot use the command-line interface to log in if user authentication is enabled.
You must use a browser.
If you have a default home page on the remote network behind the VPN Concentrator, or direct the browser to a website on the remote network behind the VPN Concentrator, the VPN 3002 directs the browser to the proper pages for user login. When you successfully log in, the browser displays the page you originally entered.
If you try to access resources on the network behind the VPN Concentrator that are not web-based, for example, email, the connection will fail until you authenticate.
To authenticate, you must enter the IP address for the private interface of the VPN 3002 in the browser Location or Address field. The browser then displays the login screen for the VPN 3002. Click the Connect/Login Status button to authenticate. One user can log in for a maximum of four sessions simultaneously.
Individual users authenticate according to the order of authentication servers that you configure for a group. To configure authentication servers for individual user authentication, see the sections, Configuration | User Management | Base Group/Groups | Authentication Servers | Add/Modify