Cisco Support Community

Cisco Remote Access VPN and TACACS

Hi All,

I configured a remote access VPN through an ASA and configured it to use TACACS via my TACACS server running ACS 4.2.

At the moment it seems to be allowing all AD accounts to authenticate through the Cisco VPN client. How do I narrow this down to a specific AD group so I can control which users can use the VPN? I don't want it to be open to every AD account.

Many Thanks

Cisco Employee

Cisco Remote Access VPN and TACACS

This can be done via the group-lock feature. You need to either use RADIUS or integrate the ASA directly with LDAP.

PIX/ASA 8.0: Use LDAP Authentication to Assign a Group Policy at Login

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml

Configure ACS to Assign a Group Policy at Login using RADIUS

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808cf897.shtml

~BR
Jatin Katyal

**Do rate helpful posts**
