Have a look at Cisco AV-Pairs.
I've used/use them before on Cisco IOS and ASA devices with RADIUS.
I think they also work with TACACS.

Look for "inacl= "

For eg

ip:inacl#1=permit tcp any 10.0.0.10 255.255.255.0 eq 22

Google found this which may be of use
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_tacacs/configuration/15-1mt/sec-usr-tacacs-15-1mt-book.pdf

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Randy
Sent: Thursday, 6 September 2012 12:38 p.m.
To: [email protected]; Jason Lixfeld
Subject: Re: [c-nsp] per-user access-lists with IOS SSL VPN

--- On Wed, 9/5/12, Jason Lixfeld <[email protected]> wrote:

> From: Jason Lixfeld <[email protected]>
> Subject: [c-nsp] per-user access-lists with IOS SSL VPN
> To: "[email protected]" <[email protected]>
> Date: Wednesday, September 5, 2012, 4:05 PM
>
> I've got a third party
> that need access to my network over my VPN. Instead of giving them
> carte blanche, I'd like to wrap an ACL around their session so they
> only have access to what's permitted by the ACL. I can configure
> these users in tac_plus as users, or as members of a group, or locally
> on the VPN box, if needed.
>
> My google-fu hasn't turned up anything remotely appropriate to what it
> is I'm looking for - hoping someone out here might know.
>
> My kit consists of a 2901 running 15.2(1)GC1.
>
> Thanks in advance.

...and I forgot to add: "it was via the split-tunneling ACL

./Randy
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
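
Added example, not part of the original thread or written by any of its posters: a small Python audit for per-user ACL entries stored in a AAA profile in the `ip:inacl#<n>=` AV-pair form quoted above. It orders entries by the number after `#` and flags duplicate numbers and permits broader than a restricted third-party account should carry; the function names and sample entries are constructed, and it assumes entries of the form `action protocol source destination [port match]`.

```python
import re

# AV-pair form quoted in the thread: ip:inacl#<n>=<extended ACL entry>
AVPAIR = re.compile(r"^ip:inacl#(\d+)=(permit|deny)\s+(\S+)\s+(.+)$")
PORT_OPS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}  # operand counts

def take_addr(tokens):  # consume one address spec: 'any', 'host A' or 'A MASK'
    if tokens[0] == "any":
        return ("any",), tokens[1:]
    if tokens[0] == "host":
        return ("host", tokens[1]), tokens[2:]
    return ("net", tokens[0], tokens[1]), tokens[2:]

def parse(avpair):  # split one AV-pair into sequence, action, protocol, endpoints
    m = AVPAIR.match(avpair.strip())
    if not m:
        raise ValueError(f"not an ip:inacl AV-pair: {avpair!r}")
    seq, action, proto, rest = m.groups()
    try:
        src, tokens = take_addr(rest.split())
        if tokens and tokens[0] in PORT_OPS:  # optional source-port match
            tokens = tokens[1 + PORT_OPS[tokens[0]]:]
        dst, tail = take_addr(tokens)
    except IndexError:
        raise ValueError(f"truncated ACL entry: {avpair!r}") from None
    return {"seq": int(seq), "action": action, "proto": proto,
            "src": src, "dst": dst, "tail": tail}

def audit(avpairs):
    """Return (entries ordered by the number after '#', list of findings)."""
    entries = sorted((parse(a) for a in avpairs), key=lambda e: e["seq"])
    findings, seen = [], set()
    for e in entries:
        if e["seq"] in seen:
            findings.append(f"#{e['seq']}: duplicate sequence number")
        seen.add(e["seq"])
        if e["action"] != "permit":
            continue
        if e["dst"] == ("any",):
            findings.append(f"#{e['seq']}: permit to any destination")
        if e["proto"] in ("tcp", "udp") and not (e["tail"] and e["tail"][0] in PORT_OPS):
            findings.append(f"#{e['seq']}: {e['proto']} permit with no port restriction")
    return entries, findings

# Constructed sample profile for a restricted third-party user (not from the thread).
SAMPLE = ["ip:inacl#2=permit tcp any host 10.0.0.20",
          "ip:inacl#1=permit tcp any host 10.0.0.10 eq 22",
          "ip:inacl#2=permit ip any any"]
if __name__ == "__main__":
    print(*audit(SAMPLE)[1], sep="\n")
```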
