08-22-2007 07:03 AM - edited 03-10-2019 03:20 PM
I have a setup where my VPN users hit the ACS server for user authentication - off of AD. What I am not sure of is how to limit which users have VPN access.
All of the users would still need to authenticate for wireless (EAP) but be limited to either VPN access or no VPN access.
08-22-2007 07:12 AM
The solution would be to make use of a CLI/DNIS NAR:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml
Regards,
Prem
08-22-2007 08:21 AM
I have tried that and it does not seem to make a difference. If I add the AAA group (the firewall in this case) and add * for the CLI, DNIS, etc. it will still let me log into the VPN client as a user in that group.
Am I supposed to be putting something different in for the port, etc.?
08-22-2007 09:23 AM
I have the same problem. I haven't tested it yet, but I believe it will be along the lines of: create a new GPO in AD for VPN users. On the ACS you can do group mappings to specific AD groups and then limit it that way. But like I say, I haven't tested it yet. If you do get it right, please post your findings.
Thanks
Will