Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
519
Views
5
Helpful
3
Replies

VPN authentication with ACS

andy-gerace
Level 1
Level 1

‎08-22-2007 07:03 AM - edited ‎03-10-2019 03:20 PM

I have a setup where my VPN users hit the ACS server for user authentication - off of AD. What I am not sure of, is how to limit which users have VPN access.

All of the users would still need to authenticate for wireless (EAP) but be limited to either VPN access or No VPN access.

Labels:
0 Helpful
3 Replies 3

Premdeep Banga
Level 7
Level 7

‎08-22-2007 07:12 AM

Solution would be to make use of CLI/DNIS NAR,

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml

Regards,

Prem

andy-gerace
Level 1
Level 1
In response to Premdeep Banga

‎08-22-2007 08:21 AM

I have tried that and it does not seem to make a difference. If I add the AAA group (the firewall in this case) and add * for the CLI, DNIS, etc. it will still let me log into the VPN client as a user in that group.

Am I supposed to be putting something different in for the port, etc.?

0 Helpful

wpetherbridge
Level 1
Level 1
In response to andy-gerace

‎08-22-2007 09:23 AM

I have the same problem. I haven't tested it yet but believe it will be in the lines of - create a new GPO in AD for VPN users. On the ACS you can do group mappings to specific AD groups and then limit it that way. But like I say I haven't tested it yet. If you do get it right please post your findings.

Thanks

Will

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents