Hi there,
My setup is this:
- Cisco ASA 5525 firewalls
- Cisco AnyConnect Client
- Windows 2008 R2 AD Domain w/ NPS server installed and using RADIUS to authenticate the users' access via a group.
- Different domain (so users are connecting from our domain into a completely disconnected, remote site with a different domain).
All this is working fine. Users can log into the system and everything is good. Now, we would like to restrict *where* certain groups of users can log in. Most of the services they are trying to access are running either CentOS or RHEL, but they are connecting from Windows 7 x64-based systems.
I would like them to be able to log into the environment, but when they pull up their ssh client, I want them to be able to get to server x, but not server y.
I'm open to suggestions.