I have a VPN 3000 and currently it authenticates against my domain controller. Is there a way to have it only allow access if they have an account in the Domain AND are a member of a security group in the domain? I would like to stop users from getting the client and being able to remote in if they have a general domain user account. There are too many users to manage locally on the concentrator.
Thanks in advance,
You should look under authentication in your concentrator. (I haven't worked on one in a while, so I'm flying blind on this one.) Somewhere under there it will say RADIUS server, and it will have an IP address (if you're using it). If that server has "Internet Authentication Service" (IAS) under Administrative Tools, then that's your RADIUS server. You could have some other piece of software though, because there are a lot of RADIUS servers available.
If it's IAS, then under the settings when you modify the properties, you'll see policies. Under those policies, groups are added and permitted or denied based on membership.
Here's a step-by-step link: