Is there a way to check dial-in permission for one NAS and not another?
Hello all- we're running ACS 4.x. currently we have "check dial-in permission" enabled. We have VPN users and wireless (.1x) authenticating against acs and then to AD. the problem is with the "dial-in permission check" we have to grant this all vpn and wireless users in AD even though some wireless users do not need VPN access. Becuase if this permission enabled , all wireless users automatically get VPN access as well. Is there a way around this? Can i check dial-in permission per NAS or something or is that a global thing. Any other way to set this up only VPN user are checked for dial-in permission and not wireless users?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...