How to prevent/allow admin access for some IP addresses.

Hello

I am trying to set up the following scenario:

A user BOB has been created in Cisco ACS 4.2.

I have several network devices, all with different management IP addresses, added in Cisco ACS 4.2.

The goal is to allow BOB to access the network devices only if BOB's access request comes from a single IP, 1.1.1.1.

If BOB tries to access the network of all the other IPS devices, the application should be dismissed regardless because BOB has full access to all network devices.

Is there a way to do this using Cisco ACS 4.2

Appreciate your comments.

Kind regards

I don't know how or if you can do it by using ACS. You MAY be able to use the Network Access Restriction function, although I've never tried. Reference.

It would be easy to simply put an access list on the devices' vty lines, limiting access to 1.1.1.1 (although it would affect all users).
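
The vty access-list approach suggested in the answer above, written out as an added example (it is not part of the original thread). Cisco IOS syntax is assumed; the ACL name MGMT-ONLY and the vty ranges 0 4 and 5 15 are assumptions, and 1.1.1.1 is the source address from the question.

```cisco
! Added example, not from the original thread.
! Assumptions: Cisco IOS device, ACL name MGMT-ONLY, vty ranges 0-4 and 5-15.
!
! Standard ACL that matches only the permitted management source.
ip access-list standard MGMT-ONLY
 remark Only 1.1.1.1 may open vty (remote management) sessions
 permit host 1.1.1.1
 ! Explicit deny with logging so rejected attempts show up in syslog
 ! instead of silently hitting the implicit deny.
 deny   any log
!
! Apply the ACL inbound on EVERY vty range the device has. A range left
! without access-class still accepts sessions from any source address.
line vty 0 4
 access-class MGMT-ONLY in
line vty 5 15
 access-class MGMT-ONLY in
!
! Verification from exec mode:
!   show ip access-lists MGMT-ONLY        (per-entry match counters)
!   show running-config | begin line vty  (confirm access-class on each range)
```

The filter is per device and per source address, so it applies to every account that logs in over the vty lines, which is the limitation the answer points out.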

Tags: Cisco Security

Similar Questions

  • 160N not allowing access to a single ip address please!

    My router does not allow access to a single ip address.  I have a site that I have ftp access to and everything was working fine until today.  I can't access ftp with all the software and the site will not be rendered.  I checked all implement.  I called the hosting company, ISP provider and is not on their end.  I went to another computer somewhere else and everything worked fine.  I hooked in directly to the modem and everything worked as it is supposed to.  All other websites work very well.  It must be the router.   I have reset the router to factory settings and set to update the firmware.  As I said, everything was working just fine and then suddenly everything that is on the IP 1 will not work.  Any help with my situation is appreciated.

    Since you have already reset your router and re-configured all the settings in this topic. When your computer is connected to the Linksys router, on your computer, open the window command prompt and try to ping the IP address that you're trying to make it work with your Linksys router and check if you have all the answers.

    If not then on your configuration page of the router, click on the Security tab and disable the SPI Firewall and uncheck "Filter anonymous Internet requests" and click on save settings...

    Once you are done with these settings, you can now try to ping the IP address and check if you have all the answers...

    NOTE: Turn off the firewall and Antivirus on your computer...

  • Allowing traffic SMTP on some IP address ranges

    I have to configure my PIX 506E to allow only SMTP traffic from certain IPs to go to my mail server. However, I don't know the right way to accomplish this task. If I put in access lists for each range and anything else associated with SMTP, will that accomplish the task?

    Any help would be great!

    Thank you

    Michael: Laro

    One thing that can help is to use "object groups". With object groups, you combine networks, services and protocols (ftp, smtp, etc.). If you have a handful of IP addresses or subnets that you want to allow access to your SMTP e-mail server, you could do something similar to the following. Remember, by default, NO traffic can come from the internet, through your external interface and into your private network. So, if you give permissions to the following addresses, then only they and no one else. Here is an example of object groups.

    SMTP server address: 172.17.1.1

    Addresses you want to allow SMTP: 32.18.7.0/24, 204.215.18.0/24 and 113.113.45.1 and 118.55.34.20.

    pixfirewall(config)# object-group network MAIL
    pixfirewall(config-network)# network-object 32.18.7.0 255.255.255.0
    pixfirewall(config-network)# network-object 204.215.18.0 255.255.255.0
    pixfirewall(config-network)# network-object host 113.113.45.1
    pixfirewall(config-network)# network-object host 118.55.34.20

    Now create your access list:

    pixfirewall(config)# access-list ENTRY-IN permit tcp object-group MAIL host 172.17.1.1 eq smtp
    pixfirewall(config)# access-group ENTRY-IN in interface outside

    This will allow the network and the ip addresses that you defined in the netgroup called 'MAIL' access to your mail server. I hope this helps.

  • How we prevent neighbor access my broad signal band

    The security system flashes a message that an unauthorised PC logged onto my broadband signal and gives me an identification number

    Hi John,

    This 'security system' (name, version, type - part of the operating system or some Internet Security Suite, the ISP or router or where - he wants to say too much and I need you to be specific here) you said that and how it tells you?  What is the identification number (I'm less interested in the number itself what it represents - it is a file number or incident number or something that can be sought or when additional details can be found in some newspapers or by calling someone)?  If you can, show details in a response (but block all that identifies you or your computer, network, or settings - even if it ends up looking like a redacted, memo sent to the NSA police).  I just want to see the information about the intruder.

    I assume you are using a wireless modem/router and probably not fixed it then anyone with a device with wireless capabilities within reach of your broadcast device (I can pick up signals of as many as 6 of my neighbors from hundreds of yards away - so that they can see possibly also not to mention the people passing in cars or walking on the street, or whatever).

    It is rare to have an alert mechanism in place and no security system activated, but some technicians are better than others.  Here are the basics (and you may need assistance to identify the appropriate codes and types of security in the use of various suppliers - to prepare to listen to elevator music several times):

    Wireless routers can be set with security (and then you put the same level of security and the key on your computer or other devices connected to it and you can access).

    Go to Start / All Programs / Accessories / right-click on Command Prompt, and click Run as administrator. Then type IPCONFIG /all and press Enter (exactly as written with the space). It should show you a number of things, including what is called the default gateway for your wireless connection. This is most likely your router and probably something like 192.168.0.1 or something similar.

    Now, open IE (or your browser) and in the address bar, type the same number. This should connect to the router. It may request a user name and password. If you don't have them, contact your ISP or router manufacturer to have them reset or get help to find out what they use as the default generic values on this brand and model (if reset, no matter what they say, change them to something unique that you'll remember because many people know the generic ones used by companies and can easily get past that thanks to them and we'll close them - they'll suggest against it because if you forget them, you watered - and it's true, so just remember them). Once again, you will need to go to security and configure security settings appropriate for your system (and possibly make a few other changes as well). You will probably need assistance of the ISP or router manufacturer to select the most appropriate for your system and network and ISP router. For example, I couldn't use the best Type of security because it was not compatible, but was able to use the next best which is fine - but I would never have known had they not walked me through the process.

    Once done, go to your devices and computers and change the wireless settings to match those of the router. You will probably have set up a security Type and the Type of encryption and a network security key (which is basically a password). It is difficult to guide you without knowing your OS, but for mine using Vista I'm going on the network and sharing Center in Control Panel and click on 'manage wireless networks '. Then I double click on my wireless network connection and click on the Security tab and it present options for these same three elements. I input what I set up on the router, save the settings and reboot. When I'm back, I can now connect to the network, and the wireless connection is secure (and if you see the wireless network page, it will say now secure and if you go to "Connect to a network" the options presented will also show it is attached.) That's all and you have completed and now you are sure.

    If done correctly (and do not use the same password you use already or something that one can guess like your name or the name of the street - do something like this #8 Mo L23a, but you can choose something a little easier but a minimum 8-digit including uppercase, lowercase, symbols and numbers - or at least three of these types in there) they should no longer be able to connect.

    If they, then after back and after that I have retrieve the shock, we will seek a way to know who and how it goes.  Are you sure that your firewall is enabled and works?  We will need to see if they embark on another way (another computer on your home network, a connection cable to the line itself, a compromised system to which they have access and can bypass everything (because of a gap in security at a time, malware, misconfigured settings or a host of other possibilities to increase improbability).  But we'll cross that bridge if we come to it.

    I hope this helps.

    Good luck!

    Kosh

  • How do you allow access to a folder of photos when a person downloaded and I can't access it even if we are on the same computer?

    I want to download pictures on Kodak gallery and when I went to the office, all the photos are there, but the husband uploaded to his account and the computer tells me access denied, need permission.  How did it may give permission, we are computer illiterate, is why we are asking for HELP!

    Perhaps the following would provide a solution.

    Windows Vista-
    Share files with anyone
    http://Windows.Microsoft.com/en-us/Windows-Vista/share-files-with-someone

    Sharing files with the Public folder
    http://Windows.Microsoft.com/en-us/Windows-Vista/sharing-files-with-the-public-folder

    Windows Vista-
    Simple file sharing Vista activation process
    http://www.Vistax64.com/tutorials/126910-simple-file-sharing-enable.html

  • Allowing access to ESXi host to other subnets

    Hi all

    I use the free version of ESXi and it is currently running on the 10.32.125.x network. I noticed that if I try to connect to the host via the vSphere Client from another network, such as 10.32.126.x, I can't.  I can't ping or SSH to the host either from the 10.32.126.x network.  All is fine if I'm on the 10.32.125.x network, which is the same network that the server is running on (10.32.125.63 is the host IP address).  I can access services on thin virtual machines from other networks, just not the ESXi host itself.

    Any ideas of how I can allow access from networks other than the one on which ESXi lives?

    Thank you

    Hello

    When you try to access your ESXi host with the vSphere Client, have you made sure that your DNS and default gateway are defined and correct? Is the default gateway on the ESXi host your router?

  • How to allow access to all users of the connection on my computer?

    How to allow access to all users of the connection on my computer?

    Your question is hard to understand.  I interpret as:

    "How to allow all the users on my computer to access some files or folders?"

    The answer depends somewhat on the question of whether you have XP Pro or XP Home, but a general answer is found in the following article.

    "How to use file sharing Simple to share files in Windows XP"
      http://support.Microsoft.com/kb/304040

    Click on "level 3: files in shared documents available to local users"

    HTH,
    JW

  • How can I prevent the access denied message when you use the shutdown command?

    I use shutdown /m \\computername /s

    I have "Access denied (5)" as an answer.
    I am admin on all my computers. Same username and password on each of them.
    How can I get this shutdown command to work remotely, so I can't access every computer command prompt via Remote Desktop?
    How can I prevent the access denied message when you use the shutdown command?

    Hello

    I suggest you to report this issue in TechNet Forums for Windows 7 networks: http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/threads

    Thank you.

  • I get a message by signing in iCloud iMac found elsewhere. How can I change the location? How can I get rid of this error message? I allow access from somewhere else (weird)?

    I have iMac OS X version 10.7.5. When you try to connect to my iCloud (I pay for a minimum monthly access), I get the message that my computer is requesting access to iCloud somewhere else. I allow access to this strange place? How can I change my location on the desktop to my address? How can I get my iCloud account?

    Is introduced on the market, two-factor authentication because if this is the case, you will have what is normal - for Apple ID - Apple Support two-factor authentication

  • How to configure the Windows XP firewall to allow access for Windows 7

    I have 2 Windows 7 PCs & 1 Windows XP.

    XP, I can connect & see the shared folders on the 7.  However, I don't see the XP from 7 if I disable my firewall.

    They are all connected to the same workgroup.  I removed the 7 s residential groups (that I read that this could be a problem).  I tried to turn it off simple sharing & ensuring that local settings are set to everyone, but it does not work.

    I use of Avira AntiVir to my antivirus and I see all the settings within what I need to change.

    The only thing that works is to disable the firewall.  I don't want to leave it off, I need to understand how to configure it to allow access from other computers.  I looked in exceptions and can't seem to understand.  I think maybe I need to add a port, but I do not know how to select a port number and once I did, I don't know what I would have to do on the 7 to use this port.

    Thanks in advance for the help!

    Hi Brittany,

    Check to see if this article helps you.

    Networking of computers running different versions of Windows

    See also:

    Sharing files and printers with different versions of Windows - Help & how-to - Microsoft Windows

  • How to allow access to a local area network behind the cisco vpn client

    Hi, my question is about how to allow access to a local area network behind the cisco vpn client

    With the help of:

    • Cisco 5500 Series Adaptive Security Appliance (ASA) that is running version 8.2 software
    • Cisco VPN Client version 5.0 software

    Does the Cisco VPN client allow injecting local routes into the Cisco ASA routing table?

    Thank you.

    Hi Vladimir,

    Unfortunately this is not a supported feature if you connect through the VPN Client. With VPN Client, that the VPN Client can access the VPN Client LAN host/local machine, not host from the local network to business as customer VPN is not designed for access from the local company network, but to the local corporate network.

    If you want to access from your local business to your LAN network, you need to configure LAN-to-LAN tunnel.

  • access to the default in IIS6 and IIS7 Web site, how we configure IIS6 on windows 7 to allow access to the default Web site

    How to configure IIS6 on windows 7 to allow access to the default Web site or there at - there someone out there who can put up my computer at a reasonable rate of legend

    Hello

    The question you posted would be better suited in the TechNet Forums. I would recommend posting your query in the TechNet Forums.

    http://social.technet.Microsoft.com/forums/en-us/winserverfiles/threads

  • How to prevent a user from accessing a particular table? This user has the SELECT ANY TABLE privilege. Please help me solve this problem.

    Hello

    How to prevent a user from accessing a particular table (xxx)?

    This user has the SELECT ANY TABLE privilege. I need to restrict him only from accessing the xxx table, but this table does not exist in his own schema.

    But it is accessible as select * from schema.table;

    How can I revoke this privilege.

    Please help me solve this problem.

    Thank you

    Lacombe

    1623609 wrote:

    How can I select privilege on specific tables at the same time?

    I want to create a new user and grants the right to select for tables, except a table (xxxx).

    It will be possible without the keystone of the database?

    One way, in several sql

    spool doit.sql

    select 'grant select on ' || owner || '.' || table_name || ' to someuser;'

    from dba_tables

    where

    spool off

    Then sanity check "doit.sql" and execute it.

  • How to prevent the installation of software and IE extensions / toolbars, etc.

    I try to help a small business at home with a Windows 7 PC with IE 9. The PC is used for normal business purposes: Microsoft Office documents, e-mail (AOL app), video editing and burn them on DVD or download YouTube and Vimeo, and research in Internet Explorer for commercial use normal and legitimate

    My questions are (explained later):

    All the PCs here have parental control of Microsoft and Microsoft Security Essentials installed. None of the PC should be able to be used for something ELSE (not only internet) between midnight and 08:00.
    1. How can I get Internet Explorer 9 on Windows 7 automatically restore the State by default when it is closed? As if it were a PC in an internet café, library or school? This allows to avoid the (intentional or accidental) installation of toolbars, extensions, etc. in IE 9, if possible, I'd like to keep Google as the default search provider and homepage; In addition, the extensions 'regular' such as Flash Player, Real Player and Acrobat Reader must remain in place and JavaScript should work.
    2. the son managed to resume using his own PC (and perhaps the PC business) at limited hours. I guess he got Windows 7 SysInternals disk to remove the administrative password. Is there a way I can stop that then reapply restrictions? Maybe he simply restored the system from the recovery partition or reinstalled Windows, so I need a way to prevent these things from happening as well. A firmware password would do the trick?

    This probably wouldn't have happened if there was a way to allow installation of the software on a Standard account. On the own PC of the son, it's okay if it installs the software, browser toolbars and so on--even if it is malware. It is only the PC that should be free of this professional. It is also possible that it has installed this junk on the Professional PC as a form of punishment.
    It is not possible to force users to use Firefox or Chrome instead of IE. And IE suffered from some bad extensions that were installed in Chrome.
    Explanation:
    The owner of the company adult son uses this PC occasionally working for the company, but mostly for its own use. The son, who can be a little mentally ill and lives with his father in the House where the business is, continued installation providers extensions, toolbars and search for malware, unwanted, unsafe in Internet Explorer and change the homepage. Office workers may have also unintentionally installed some malicious software search engines.
    Occasionally, the son works for the company, so must have the PC of the company. However, he often uses the PC for its own purposes, which includes things like trying to download protected content (movies, television and music) without having to pay for it. It seems that he sometimes spend time free looking for games. (Before I put on the parental control, it had installed several of them. There still frequently installed toolbars, extensions and search providers in Internet Explorer to facilitate this [protected media download] and [probably] some of them gets simply by visiting the types of malicious websites that claim to offer free stuff. The son has four pieces of his own, which are almost unusable due to multiple malware infections.
    Owner of the company I was install the parental control on the PC of the son in addition to the PC business to prevent the use of any computer between midnight and 08:00 when the son is supposed to sleep or study and not play games or use the computer for something ELSE. According to the owner of the company, the son psychiatrist said that the son must sleep during those hours every day.
    Currently, it is not possible for me to question the son - he is of course very unhappy about not being able to install software on his own PCs. Not that I am all that happy about all this, but he isn't the one paying me.
    Sorry, this has been so long. The situation is a little stressful.

    A knowledgeable user can bypass/get around any account login admin password, by using any method found in a search on the internet.

    You can try to set up separate for normal use restricted user accounts.

    You can also configure another admin account, with the reset/recovery disk of password for your own use. (In which case a user causes problems in their attempt to circumvent restrictions)

    Assuming that PCs are networked / connected via a router, a decent one has the ability both to restrict the sites accessible and to prevent net access between certain hours, on a per PC basis.

    There is third-party software, such as that used on some PCs accessed by the public in the scenario you mentioned, although how it would affect normal business type usage I could say.

    Certain third-party Internet security applications also have the ability to restrict access/use with their own parental controls.

  • How to prevent the creation of 15000 files for 300 MB each day Firefox

    Firefox creates files of 'file' in C:\Users\LeRicain\AppData\Local\Mozilla\Firefox\Profiles\dnm04rk5.default\cache2
    There are about 10,000 and 20,000 files I have to remove to get about 300 MB of space each day

    How to prevent the creation of these files in Firefox

    These are the cache files. Basically, Firefox takes Web sites that you access a lot and records bits of them so they'll load faster the next time you visit them. For example, if you visit Google.com a lot, Firefox will save some elements of this page in the cache so that the next time you visit Google.com, it will not have to re-download them.
