RADIUS on ASA 55xx for Administration AND VPN

Discussion in 'Cisco' started by enbrander@gmail.com, Nov 11, 2006.

  1. Guest

    I am trying to set up an ASA 5510 for RADIUS authentication using MS
    IAS RADIUS for both administration of the ASA and for VPN access. Both
    work however it doesn't differentiate between the groups. If a user is
    a member of the VPN group, they can get access to telnet/enable as well
    since it just matches the first group it finds.

    Is there a parameter I can specify for using RADIUS for administrative
    login vs VPN other than just windows group matching?

    TIA,

    Eric
    , Nov 11, 2006
    #1
    1. Advertising

  2. response3 Guest

    I've been playing with IAS for a while, and have always wanted to know
    the same thing. I know TACACS+ servers can do this, and I think there
    are attributes in RADIUS that can do this, but I've yet to figure it
    out.

    Brian


    wrote:
    > I am trying to set up an ASA 5510 for RADIUS authentication using MS
    > IAS RADIUS for both administration of the ASA and for VPN access. Both
    > work however it doesn't differentiate between the groups. If a user is
    > a member of the VPN group, they can get access to telnet/enable as well
    > since it just matches the first group it finds.
    >
    > Is there a parameter I can specify for using RADIUS for administrative
    > login vs VPN other than just windows group matching?
    >
    > TIA,
    >
    > Eric
    response3, Nov 11, 2006
    #2
    1. Advertising

  3. response3 Guest

    Does anyone know the answer for this?
    response3, Dec 12, 2006
    #3
  4. Chad Mahoney Guest

    response3 wrote:
    > Does anyone know the answer for this?
    >


    Know the answer for what? You have snipped the entire content of the
    message.
    Chad Mahoney, Dec 13, 2006
    #4
  5. response3 Guest

    Chad Mahoney wrote:
    > response3 wrote:
    > > Does anyone know the answer for this?
    > >

    >
    > Know the answer for what? You have snipped the entire content of the
    > message.


    My apologies. I guess everyone doesn't use google groups :) Here's
    what I was looking for:

    wrote:
    > I am trying to set up an ASA 5510 for RADIUS authentication using MS
    > IAS RADIUS for both administration of the ASA and for VPN access. Both
    > work however it doesn't differentiate between the groups. If a user is
    > a member of the VPN group, they can get access to telnet/enable as well
    > since it just matches the first group it finds.
    >
    > Is there a parameter I can specify for using RADIUS for administrative
    > login vs VPN other than just windows group matching?
    >
    > TIA,
    >
    > Eric
    response3, Dec 13, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. meni

    ASA 55XX VPN log

    meni, Oct 28, 2007, in forum: Cisco
    Replies:
    1
    Views:
    495
    Scott Perry
    Oct 29, 2007
  2. Giuen
    Replies:
    0
    Views:
    564
    Giuen
    Sep 12, 2008
  3. ted

    ASA 55xx oid active user

    ted, Nov 5, 2008, in forum: Cisco
    Replies:
    0
    Views:
    500
  4. Heribert Steuer
    Replies:
    1
    Views:
    1,687
    Darren Green
    Feb 14, 2009
  5. asidko
    Replies:
    0
    Views:
    1,766
    asidko
    Apr 5, 2010
Loading...

Share This Page