Do you want to restrict a group to a single user only?
Or you want to make sure that a particular user 'x' can only login to a
particular group 'gx'?
Have u seen the group-lock command and the Radius Attribute 25 (Class)?
Regards
Farrukh
On Fri, Mar 19, 2010 at 11:45 PM, Edouard Zorrilla <ezorrilla_at_tsf.com.pe>wrote:
> Hi Team,
>
> Is there a way I can make something inside the ASA so that one user just
> can
> log in to a single group :
>
> group-policy CISCO-ENG internal
> group-policy CISCO-ENG attributes
> vpn-simultaneous-logins 1
> vpn-idle-timeout 30
> vpn-session-timeout 120
> ipsec-udp enable
> split-tunnel-policy tunnelall
> default-domain value dfg.com
> secure-unit-authentication enable
> user-authentication enable
> user-authentication-idle-timeout 10
> address-pools value POOCISCO-ENG
> !
> tunnel-group CISCO-ENG type remote-access
> tunnel-group CISCO-ENG general-attributes
> authentication-server-group RADIUS
> authentication-server-group (outside) RADIUS
> accounting-server-group RADIUS
> default-group-policy RAS_test
> tunnel-group CISCO-ENG ipsec-attributes
> pre-shared-key *****
> !
>
> Right now any user can log in to any group, this is not wat I want.
>
> Thanks
>
> Regards
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Fri Mar 19 2010 - 23:51:48 ART
This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:35 ART