I have seen a few similar conversations similar to this one; but none are answering my question:
I am using IAS as my RADIUS server in an Active Directory environment. I want to restrict a user to a particular Tunnel Group. I know that I must configure a class 25 attribute in the RADIUS server OU=GROUPNAME. In my case I have a sub-set of users who should be restricted to this tunnel and not our general use tunnel. How do I associate the AD users to the class attribute (and tunnel that I want to restrict the user to)? Do I create an AD GROUP? If so, how do I associate that AD group to the VPN tunnel-group that I want these users to be restricted to?