Re: VPN Restriction in ASA OS 8.22

From: Edouard Zorrilla <ezorrilla_at_tsf.com.pe>
Date: Fri, 19 Mar 2010 21:57:56 -0700

Farrukh,

Thanks for getting back to me. I really want to make sure that a particular
user can only log in to a particular group.

Let me see how group-lock works.

Regards

----- Original Message -----
From: "Farrukh Haroon" <farrukhharoon_at_gmail.com>
To: "Edouard Zorrilla" <ezorrilla_at_tsf.com.pe>
Cc: <security_at_groupstudy.com>; "Cisco certification"
<ccielab_at_groupstudy.com>
Sent: Friday, March 19, 2010 1:51 PM
Subject: Re: VPN Restriction in ASA OS 8.22

> Do you want to restrict a group to a single user only?
>
> Or do you want to make sure that a particular user 'x' can only log in to a
> particular group 'gx'?
>
> Have you seen the group-lock command and the RADIUS Attribute 25 (Class)?
>
> Regards
>
> Farrukh
>
> On Fri, Mar 19, 2010 at 11:45 PM, Edouard Zorrilla
> <ezorrilla_at_tsf.com.pe> wrote:
>
>> Hi Team,
>>
>> Is there a way I can make something inside the ASA so that one user just
>> can log in to a single group:
>>
>> group-policy CISCO-ENG internal
>> group-policy CISCO-ENG attributes
>>  vpn-simultaneous-logins 1
>>  vpn-idle-timeout 30
>>  vpn-session-timeout 120
>>  ipsec-udp enable
>>  split-tunnel-policy tunnelall
>>  default-domain value dfg.com
>>  secure-unit-authentication enable
>>  user-authentication enable
>>  user-authentication-idle-timeout 10
>>  address-pools value POOCISCO-ENG
>> !
>> tunnel-group CISCO-ENG type remote-access
>> tunnel-group CISCO-ENG general-attributes
>>  authentication-server-group RADIUS
>>  authentication-server-group (outside) RADIUS
>>  accounting-server-group RADIUS
>>  default-group-policy RAS_test
>> tunnel-group CISCO-ENG ipsec-attributes
>>  pre-shared-key *****
>> !
>>
>> Right now any user can log in to any group; this is not what I want.
>>
>> Thanks
>>
>> Regards
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Received on Fri Mar 19 2010 - 21:57:56 ART

This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:35 ART
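
The two mechanisms named in the thread (group-lock and RADIUS attribute 25), sketched as an added configuration example that is not part of the original messages. The group names come from the posted configuration; the user name `x` is the placeholder used in the reply, and the local-user variant is an assumption, since the thread authenticates against RADIUS.

```cisco
! Constructed example, not taken from the thread.
!
! Before: the posted group-policy has no group-lock, so a user who is
! assigned this policy is accepted through any tunnel-group whose
! pre-shared key the user knows.
group-policy CISCO-ENG attributes
 vpn-simultaneous-logins 1
!
! After: a session that receives this policy must have connected through
! tunnel-group CISCO-ENG; through any other tunnel-group it is refused.
group-policy CISCO-ENG attributes
 group-lock value CISCO-ENG
!
! Tying the user to the policy, option 1 (assumed local user database):
username x attributes
 vpn-group-policy CISCO-ENG
 group-lock value CISCO-ENG
!
! Option 2 (RADIUS, as in the posted tunnel-group): the server returns
! the group-policy name for user x in the Access-Accept, e.g.
!   Class (attribute 25) = "OU=CISCO-ENG;"
! The ASA then applies group-policy CISCO-ENG, including its group-lock.
```

In the posted configuration the tunnel-group falls back to `default-group-policy RAS_test` for users who get no Class attribute, so that policy also needs a group-lock (or the RADIUS server must return a Class for every user) for the restriction to hold.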