
Cisco Remote Access VPN and TACACS

GRANT3779
Spotlight

Hi All,

I configured a remote access VPN through an ASA and configured it to use TACACS via my TACACS server running ACS 4.2.

At the moment it seems to be allowing all AD accounts to authenticate through the Cisco VPN client. How do I narrow this down to a specific AD group so I can control users who can use the VPN? I don't want it to be open to every AD account.

Many Thanks

1 Reply

Jatin Katyal
Cisco Employee

This can be done via the group-lock feature. You either need to use RADIUS or integrate the ASA directly with LDAP.

PIX/ASA 8.0: Use LDAP Authentication to Assign a Group Policy at Login

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml

Configure ACS to Assign a Group Policy at Login using RADIUS

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808cf897.shtml

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
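
The LDAP option from the reply above, sketched as an added configuration example (not part of the original thread and not copied from the linked Cisco documents). It assumes ASA 8.0 syntax, where the AD `memberOf` attribute is mapped to `IETF-Radius-Class` to select a group policy; the names `AD-VPN-MAP`, `AD-LDAP`, `NOACCESS`, `VPN-ALLOWED` and `RA-VPN`, the address 192.0.2.10 and every DN are constructed placeholders.

```cisco
! Constructed example: all names, addresses and DNs below are placeholders.
!
! Map membership of one AD group to the group policy VPN-ALLOWED.
ldap attribute-map AD-VPN-MAP
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=VPN-Users,OU=Groups,DC=example,DC=com" VPN-ALLOWED
!
! LDAP server definition (Active Directory) with the attribute map attached.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=com
 ldap-login-password <bind-password>
 server-type microsoft
 ldap-attribute-map AD-VPN-MAP
!
! Default policy: users who are not in the mapped AD group land here
! and cannot establish a session.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Policy for members of the mapped AD group, locked to one tunnel group.
group-policy VPN-ALLOWED internal
group-policy VPN-ALLOWED attributes
 vpn-simultaneous-logins 3
 group-lock value RA-VPN
!
! The remote access tunnel group authenticates against LDAP and
! denies by default.
tunnel-group RA-VPN general-attributes
 authentication-server-group AD-LDAP
 default-group-policy NOACCESS
```

To check the result, run `debug ldap 255` on the ASA while a test user connects and confirm which `memberOf` values are returned and which group policy is applied.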