PPTP Tunnel Group Configuration Question

Unanswered Question
May 22nd, 2008

I am currently using a CiscoSecure ACS server to authenticate PPTP clients to a VPN 3000. The documentation states you enable PPTP by editing the Base Group on the VPN 3000. But I want to use separate IP address ranges for different users to apply ACLs, but I cannot figure out how to assign users on the ACS server to a different group that points to a group other than the base group on the VPN 3000.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
aebba@btmg.com Thu, 05/29/2008 - 10:31

The guide helped, but was incomplete. With the help of TAC we figured it out. In order for CiscoSecure ACS to point to a different group on the VPN 3000 Concentrator, you have to enable RADIUS IETF attribute #25 and specify the group name on the concentrator. What was lacking from the guide was the exact syntax. The correct syntax was "ou=groupname" and it worked.

Actions

This Discussion