I need some guidance as I am not fully understanding how this works or if it's going to work as I would like it to.
We have an NT domain and RADIUS server living in our DMZ that is beginning to die. We also have ACS 4.0 set up inside our network to provide AD authentication for our network devices. It is already AD integrated and working fine in that respect. We also have local users for the purpose of access for consultants and contractors without AD accounts.
Our desire is to move the NT domain and server out to pasture and use the ACS to provide RADIUS authentication to the VPN 3030. I have enabled the VPN 3000 attributes and have created a VPN group in ACS. However - and this is the part where my confusion begins to creep in - how do I limit VPN authorization by AD groups? We have specific groups that are allowed VPN access. Not everyone is allowed to use the VPN. How do I pass those controls through with the ACS RADIUS server?
And other than pointing the VPN Concentrator to the ACS and creating the groups and Net Devices in ACS, what else are the 'gotchas'?
Thanks in advance.