Re: Locking down IAS and NAS
From: Thomas K (thomas_at_kuborn.be)
Date: 02/25/05
- Next message: bobec_97: "IAS and RSA ACE Radius"
- Previous message: dupont1e: "Re: IAS and domain problems"
- In reply to: Timo: "Re: Locking down IAS and NAS"
- Next in thread: Timo: "Re: Locking down IAS and NAS"
- Reply: Timo: "Re: Locking down IAS and NAS"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 25 Feb 2005 17:25:10 +0100
Hey Timo,
I think you're right that you cannot use "NAS-PORT" as a policy-match
condition :(
I think you could use authentication-type as an alternate criterion. AFAIK,
PAP will be used to authenticate telnet/ssh while VPN will use some other
auth type...
Cheers,
/T
"Timo" <timo@theglens.net> wrote in message
news:1109341242.272664.130590@o13g2000cwo.googlegroups.com...
> Hey Tom
>
> Thanks for replying. I didn't know about the Cisco VSA but that is a nice
> tidbit to know about. I was more hoping that MS IAS would support the
> RFC2865 section 5.5 NAS-Port.
>
> You say " Sure, IAS support radius attribute 'nas-port' by default."
>
> But when I go into the Policy Conditions and try to add a NAS-Port
> attribute it's not there. NAS-IP-Address really isn't gonna help
> because I need to differentiate between different services on the same
> box, IP addr. Basically I need to give permission to some users to be
> able to use the VPN router & Client, they authenticate via RADIUS, I'm
> hoping that I can get the RADIUS box to send an Access-Reject when
> those same users try to log in to the VPN router w/ telnet or
> SSH. Any ideas?
>
> Thanks again.
>
>
> Timo
>
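An added example, not part of the original thread: how a RADIUS server can tell authentication types apart from the credential attributes in an Access-Request (RFC 2865, RFC 2548), which is what a policy condition on authentication type relies on. The sample packets, the `policy_match` helper and its allowed list are constructed for illustration and assume the VPN uses MS-CHAPv2 while device logins use PAP.

```python
import struct

MS_VENDOR = 311  # Microsoft enterprise number used in RFC 2548 VSAs

def build_request(attrs):
    """Constructed Access-Request (code 1) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body

def parse_attributes(packet):
    """Return [(type, value)], rejecting inconsistent length fields."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad packet length")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return attrs

def auth_type(attrs):
    """Infer the authentication method from which credential attribute is present."""
    for t, v in attrs:
        if t == 2:
            return "PAP"        # User-Password
        if t == 3:
            return "CHAP"       # CHAP-Password
        if t == 79:
            return "EAP"        # EAP-Message
        if t == 26 and len(v) >= 5 and struct.unpack("!I", v[:4])[0] == MS_VENDOR:
            if v[4] in (1, 25):  # MS-CHAP-Response / MS-CHAP2-Response
                return "MS-CHAPv2" if v[4] == 25 else "MS-CHAP"
    return "unknown"

def policy_match(packet, allowed=("MS-CHAP", "MS-CHAPv2", "EAP")):
    """Hypothetical VPN-only policy: match only the listed authentication types."""
    return auth_type(parse_attributes(packet)) in allowed

# Constructed samples: same NAS-IP-Address (4) and NAS-Port (5), different credentials.
COMMON = [(1, b"user1"), (4, bytes([192, 0, 2, 1])), (5, struct.pack("!I", 1))]
TELNET = build_request(COMMON + [(2, bytes(16))])
VPN = build_request(COMMON + [(26, struct.pack("!IBB", MS_VENDOR, 25, 52) + bytes(50))])
```

Both constructed requests carry the same NAS-IP-Address and NAS-Port, so only the credential attribute separates them; a request that matches no policy is the one that ends in an Access-Reject.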