VPN authentication with ACS

Unanswered Question
Aug 22nd, 2007

I have a setup where my VPN users hit the ACS server for user authentication, off of AD. What I am not sure of is how to limit which users have VPN access.

All of the users would still need to authenticate for wireless (EAP) but be limited to either VPN access or No VPN access.

andy-gerace Wed, 08/22/2007 - 08:21

I have tried that and it does not seem to make a difference. If I add the AAA group (the firewall in this case) and add * for the CLI, DNIS, etc. it will still let me log into the VPN client as a user in that group.

Am I supposed to be putting something different in for the port, etc.?

wpetherbridge Wed, 08/22/2007 - 09:23

I have the same problem. I haven't tested it yet, but I believe it will be along the lines of: create a new GPO in AD for VPN users. On the ACS you can do group mappings to specific AD groups and then limit it that way. But like I say, I haven't tested it yet. If you do get it right, please post your findings.



