
Cisco IOS Remote Access VPN Restricting Traffic

Hi Experts,
I want to have multiple remote access VPN configurations.
One will be used for internal employees, one for contractors.
Both use a Windows 2008 NAP/Radius profile.
The internal employees get access to the entire subnet.
The contractors get access to one server.
How do I configure the IOS firewall with two profiles to do this? I have done it before with ASA. There are no articles I can find, or are there?
I'm using a crypto isakmp client configuration group xxxxx and applying it to the outside interface. I'm also using split-tunneling.
I don't want to have to paste the config, so if you can lend me an example or a link to exactly this config it would be appreciated.
Thanks in advance.
1 Solution
John Meggers, Network Architect, commented:
I think what you're trying to do requires RADIUS on the back end to authenticate the user and put them into a particular group.  Take a look at http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949ba.shtml and see if it helps.  By using ACS you can assign the user to a group and apply an ACL on what they're allowed to access.
Within NAP VPN enforcement you have the ability to restrict access by creating custom policies on NPS. This is done either with IP filters or using a remediation servers group.
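A sketch of the two-profile layout asked about, added here as an example and not taken from the thread or the linked Cisco document. It swaps the RADIUS/ACS-assigned ACL for a simpler local variant: each group gets its own address pool, and an interface ACL enforces contractor access by pool. All names, keys, addresses and the interface are assumed placeholders, and the existing crypto map, Xauth and AAA lists are assumed to stay as they are.

```cisco
! Constructed addressing: inside LAN 192.168.10.0/24,
! contractor-only server 192.168.10.25 (all values are placeholders).
!
! One address pool per group, so the source address identifies the profile.
ip local pool EMP-POOL 172.16.50.1 172.16.50.62
ip local pool CTR-POOL 172.16.60.1 172.16.60.30
!
! Split-tunnel lists. These only tell the VPN client which destinations
! to send through the tunnel; they do not filter anything on the router.
access-list 110 permit ip 192.168.10.0 0.0.0.255 any
access-list 120 permit ip host 192.168.10.25 any
!
crypto isakmp client configuration group EMPLOYEES
 key <EMPLOYEE-GROUP-KEY>
 pool EMP-POOL
 acl 110
!
crypto isakmp client configuration group CONTRACTORS
 key <CONTRACTOR-GROUP-KEY>
 pool CTR-POOL
 acl 120
!
! Enforcement: decrypted traffic sourced from the contractor pool may
! reach the one server and nothing else. Employee pool traffic and all
! other traffic passes unchanged.
ip access-list extended VPN-TO-INSIDE
 permit ip 172.16.60.0 0.0.0.31 host 192.168.10.25
 deny   ip 172.16.60.0 0.0.0.31 any log
 permit ip any any
!
! Applied outbound on the inside interface (assumed to be Fa0/1), which
! decrypted client traffic crosses on its way to the LAN.
interface FastEthernet0/1
 description Inside LAN
 ip access-group VPN-TO-INSIDE out
```

The split-tunnel ACL alone is not a restriction, since a contractor can alter client-side routing; the pool-based ACL is what limits access. This also depends on contractors being unable to connect with the EMPLOYEES group name and key.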