Last week, I assigned a test server Cisco ACS to act as the authentication and accounting device for a specific group on a Cisco VPN Concentrator 3060. When I looked at ACS, it appeared that not only the group was going there but others were passing through as well and using the defaults on the Cisco Secure ACS. Is there a way that I can ensure that only the traffic assigned to that specific VPN group will be using the ACS server defined?
Not sure about your setup, but you need to set up group mapping so that only a specific AD group can authenticate.
In external db group mapping, map
ACS VPN group----->with<---- AD VPN group
All other combinations should point to the No access group.