03-17-2004 11:08 AM - edited 02-21-2020 10:09 AM
I have a VPN concentrator that is configured for client authentication using an NT domain. I dont want every account in Active Directory to have VPN access, so i was wondering if it was possible to limit the scope of where the vpn 3000 looks for accounts to authenticate. Can it be limited to a particular organiztional Unit in Active Directory?
03-17-2004 05:38 PM
You may have to use ACS. It can check the windows groups and dial-in settings. then replay to the VPN server correctly.
04-05-2004 08:05 AM
You would have to use Radius. Microsoft's built in IAS would do the trick. It can allow you to specify a group that can access the VPN. I'm not sure if it can match on an OU though... Maybe. You might also have to be in Native mode for some of that to work.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide