Preventing ex-employee access to VPN via profile!

  • Preventing ex-employee access to VPN via profile!

    Hello, I wonder if anyone can help with a tricky situation I find myself in.

    I need to provide access for one of our partner companies to one server on our network (and only one). I have set up the VPN access correctly (I believe) to authenticate using Active Directory and set up a user for this company, and the Cisco VPN profile is created and ready to send.

    My problem is that one of our employees has recently left to go and work for this company, and he may still have access to our company's personal VPN profile, which allows our users to access our entire network. Technically I believe he could use the AD user with this profile and gain access.

    Is there a way to block a particular user's access via a specific VPN profile? I.e. I do not wish for their AD user to be able to authenticate using our personal company VPN profile.

    We have a Cisco PIX/ASA5510.

  • #2
    Re: Preventing ex-employee access to VPN via profile!

    Change the password on the VPN group or disable the account in AD.


    • #3
      Re: Preventing ex-employee access to VPN via profile!

      Hi Roggy,

      Thanks for your suggestion, to be honest, I hadn't thought about just changing the VPN profile password which is a good idea, but it will mean I have to change all our employee VPN clients.

      In terms of disabling the user, that is precisely the thing I can't do. I need their user in the new company to be able to access a specific machine on our network, so for example I need to prevent the user "companyB" from being able to connect to our VPN profile "internal_network" but I need them to be able to connect to the VPN profile "companyB_access".

      Not sure if it's possible really.


      • #4
        Re: Preventing ex-employee access to VPN via profile!

        You could send out a new profile file to the users and ask them to replace the current one fairly quickly. The files are stored in the profiles directory within programfiles/cisco and are .pcf.

        Would be better to have more than one profile so you don't have to do it for all users next time, easier said with hindsight of course!

        Quis custodiet ipsos custodes?