We purchased ACS3.1 and would like to use NDS as the external database for authenticating dialing-users. This configuration is working fine, but now how can I restrict specific dialing-users from authenticating to NDS?
What I meant is how can I restrict dialing-users/remote-users/vpn-users to authenticate to NDS. Below are three scenarios that we have in production and we are planning to migrate to ACS. At this time authentication is being done using each device's local database.
Not sure if I understand your question correctly. It appears that you are looking for separating the users for different traffic (VPN, dialup, PPTP) and making sure that VPN users cannot connect for dialup and vice versa. If that's the case, then you need to create three different groups in NDS and 3 groups in ACS and then map the corresponding ACS group with the NDS group. Finally you need to apply NAR described earlier in every group and allow or disallow the devices.
Please let me know if this answers your question. Regards,
Yes, that's the idea. But how can I restrict 2 users out of 5 that are members of the same group from authenticating to NDS? When I map an NDS group to an ACS group, everyone within the NDS container is able to authenticate.
I do not have a problem setting restrictions for users to access devices, this works fine.
Unfortunately, if that's the case, it will not work. In the case of NT domain, you have the option to allow/disallow user authentication when you create the user in the NT domain database. In the case of NDS, there is no such option to the best of my knowledge. Sorry!