I have tried that and it does not seem to make a difference. If I add the AAA group (the firewall in this case) and add * for the CLI, DNIS, etc. it will still let me log into the VPN client as a user in that group.
Am I supposed to be putting something different in for the port, etc.?
I have the same problem. I haven't tested it yet, but I believe it will be along the lines of: create a new GPO in AD for VPN users. On the ACS you can do group mappings to specific AD groups and then limit it that way. But like I say, I haven't tested it yet. If you do get it right, please post your findings.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...