
deny user connect ssh

Discussion in 'General Cisco Certifications' started by calincri, Apr 29, 2010.

  1. calincri

    calincri New Member

    I have a problem

    I have a router with vpn users created.
    The problem is that VPN users can connect to SSH with their VPN accounts.
    Even if I assign a user privilege 1, the user can still connect to the router.

    For AAA I have configured

    aaa new-model

    aaa authentication login Test_db local
    aaa authorization network Test_db local
     
  2. craigie

    craigie Terabyte Poster

    Not really following what you want.

    Do you want the users to be able to log in to the ASA, or do you want them to be able to connect via SSH to something else?
     
  3. calincri

    calincri New Member


    Hello,

    It is not an ASA. It's an 1811 router.
    What I meant is that I have created users on my router for VPN connections. They connect to the router via VPN client.
    With their VPN accounts created on the router they can connect to SSH. I want to deny them SSH access.
     
  4. Spice_Weasel

    Spice_Weasel Kilobyte Poster

    The simple solution is to stick an access-list on your vty lines, e.g.:

    access-list 50 permit 10.10.10.0 0.0.0.15 log
    access-list 50 deny any log

    line vty 0 4
    access-class 50 in

    Or you can use control plane policing, which will give you lots of control over router access.

    Spice Weasel
     
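
Added example, not part of the original posts: a Python check of which source addresses access-list 50 from the reply above lets reach the vty lines once `access-class 50 in` is applied, using wildcard-mask matching, first-match order and the implicit deny. The candidate source addresses, including the VPN client address 192.168.50.10, are constructed for illustration; the thread does not state the VPN pool.

```python
import ipaddress

# The two ACL lines from the reply above, verbatim.
ACL_50 = """\
access-list 50 permit 10.10.10.0 0.0.0.15 log
access-list 50 deny any log
"""

def parse_standard_acl(text):
    """Parse numbered standard ACL lines into (action, base, wildcard) entries."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        action, rest = tok[2], [t for t in tok[3:] if t != "log"]
        if rest[0] == "any":
            base, wild = 0, 0xFFFFFFFF
        elif rest[0] == "host":
            base, wild = int(ipaddress.IPv4Address(rest[1])), 0
        else:
            base = int(ipaddress.IPv4Address(rest[0]))
            # A bare address with no wildcard means an exact host match.
            wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
        entries.append((action, base, wild))
    return entries

def vty_decision(entries, source):
    """First matching entry wins; a source matching nothing hits the implicit deny."""
    src = int(ipaddress.IPv4Address(source))
    for action, base, wild in entries:
        # Wildcard bits set to 1 are "don't care"; all other bits must match.
        care = ~wild & 0xFFFFFFFF
        if (src & care) == (base & care):
            return action
    return "deny"

def permitted_sources(entries, candidates):
    """Return the candidate addresses that would be allowed onto the vty lines."""
    return [ip for ip in candidates if vty_decision(entries, ip) == "permit"]

if __name__ == "__main__":
    acl = parse_standard_acl(ACL_50)
    # Constructed sample sources: management hosts and a VPN client address.
    for ip in ["10.10.10.1", "10.10.10.15", "10.10.10.16", "192.168.50.10"]:
        print(ip, vty_decision(acl, ip))
```

The ACL keeps VPN users off SSH only if the VPN client pool lies outside 10.10.10.0 to 10.10.10.15; a client address inside that range would still be permitted.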
