[c-nsp] Remote Access to MPLS based VPN
Virgil
virgil at webcentral.com.au
Tue Feb 15 20:23:13 EST 2005
On 15/2/05 12:17 AM, "BoXeR" <piestaga at aster.pl> wrote:
> Do you know the method, how to limit the possibility to allow the user1 and
> user2 login only to its group.
What you are looking for is called "group-lock", introduced in 12.2(13)T
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087d1e.html#wp1141726
(Or http://tinyurl.com/5zyt8)
Add this to your config:
    crypto isakmp client configuration group group1
     group-lock
    crypto isakmp client configuration group group2
     group-lock
> Both users are configured on external radius and they have IP addresses
> assigned from 2 separate pools during the process of authentication.
And add this to your RADIUS profiles:
    user1 Password = "cisco"
        Service-Type = Outbound-User,
        Tunnel-Type="ESP",
        Tunnel-Password="password",
        cisco-avpair = "ipsec:addr-pool=poolname",
        ....
        cisco-avpair = "ipsec:group-lock=1"
Regards
Virgil
--
Virgil Tel: +61 7 3230 7332
Infrastructure Projects Manager Fax: +61 1800 640 098
WebCentral Pty Ltd Mob: +61 419 170749
http://www.webcentral.com.au Email: virgil at webcentral.com.au
2004 Microsoft Global Hosting Service Provider of the Year
A WebCentral Group Limited company (ASX: WCG)
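Added example (not part of the original post and not Cisco's own code): a small Python audit that reports which client configuration groups lack group-lock and which RADIUS user profiles lack the ipsec:group-lock=1 AV pair described above. The sample config, pool names, password and function names are constructed for illustration, and the users-file layout is assumed to match the one shown in the message.

```python
import re

# Constructed sample inputs (not taken from a real router or RADIUS server).
IOS_CONFIG = """\
crypto isakmp client configuration group group1
 pool pool1
 group-lock
crypto isakmp client configuration group group2
 pool pool2
"""
RADIUS_USERS = """\
user1 Password = "example-password"
    Service-Type = Outbound-User,
    cisco-avpair = "ipsec:addr-pool=pool1",
    cisco-avpair = "ipsec:group-lock=1"

user2 Password = "example-password"
    Service-Type = Outbound-User,
    cisco-avpair = "ipsec:addr-pool=pool2"
"""
GROUP_RE = re.compile(r"^crypto isakmp client configuration group (\S+)")
LOCK_RE = re.compile(r'cisco-avpair\s*=\s*"ipsec:group-lock=1"')

def groups_without_lock(ios_config):
    """Return group names whose stanza has no 'group-lock' line."""
    groups, current = {}, None
    for line in ios_config.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = groups.setdefault(m.group(1), [])
        elif current is not None and line[:1].isspace():
            current.append(line.strip())   # indented line belongs to the stanza
        else:
            current = None                 # any other top-level line closes it
    return [g for g, body in groups.items() if "group-lock" not in body]

def users_without_lock(users_file):
    """Return user names whose profile lacks the ipsec:group-lock=1 AV pair."""
    users, current = {}, None
    for line in users_file.splitlines():
        if line and not line[0].isspace():  # unindented line starts a profile
            current = users.setdefault(line.split()[0], [])
        elif current is not None:
            current.append(line.strip().rstrip(","))
    return [u for u, avps in users.items() if not any(LOCK_RE.fullmatch(a) for a in avps)]

if __name__ == "__main__":
    print("groups missing group-lock:", groups_without_lock(IOS_CONFIG))
    print("users missing group-lock AV pair:", users_without_lock(RADIUS_USERS))
```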