Cisco Support Community
Community Member

VPN authentication with ACS

I have a setup where my VPN users hit the ACS server for user authentication - off of AD. What I am not sure of is how to limit which users have VPN access.

All of the users would still need to authenticate for wireless (EAP) but be limited to either VPN access or No VPN access.

3 REPLIES

Re: VPN authentication with ACS

Community Member

Re: VPN authentication with ACS

I have tried that and it does not seem to make a difference. If I add the AAA group (the firewall in this case) and add * for the CLI, DNIS, etc. it will still let me log into the VPN client as a user in that group.

Am I supposed to be putting something different in for the port, etc.?

Community Member

Re: VPN authentication with ACS

I have the same problem. I haven't tested it yet, but I believe it will be along the lines of: create a new GPO in AD for VPN users. On the ACS you can do group mappings to specific AD groups and then limit it that way. But like I say, I haven't tested it yet. If you do get it right, please post your findings.

Thanks

Will
