Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1071
Views
0
Helpful
1
Replies

Cisco VPN 3000 & Radius Groups

estjohn
Level 1
Level 1

‎10-24-2000 09:18 AM - edited ‎02-21-2020 11:14 AM

We currently have a VPN solution in place which uses a VPN 3000 Concentrator, and CiscoSecure 2.4 Radius authentication. We have "internal" groups defined in the Concentrator with access-controls also defined for those groups. We have authentication pointing to the Radius server which is working fine. We are looking to find a way to setup the Concentrator & CiscoSecure group classes, so that when a user is dragged into a CiscoSecure group the user also is bound to that group on the Concentrator. I'm under the assumption that this has to be done with "External" groups on the Concentrator. If I use "External" groups, are the Concentrator Group Access-Controls still in affect? If not, I need a way so that all access-controls can be done on the Concentrator, which are already configured, and all group designations are done by the CiscoSecure Radius server. Is this possible?

Labels:
0 Helpful
1 Reply 1

estjohn
Level 1
Level 1

‎10-26-2000 05:55 AM

Figured it out. You have to have a filter defined on each of your groups inside of the concentrator. You create groups with equal names in the concentrator and CiscoSecure. Then you go into CiscoSecure's Radius configuration and you tell it to pass variable 25 (Class or Group), in format "OU=CLASSNAME;" (without quotes) to the concentrator. Regardless of the group you login as, the concentrator will determine the group you belong to in CiscoSecure and force you into the proper group, and filters.

0 Helpful
Customers Also Viewed These Support Documents