Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Client Authentication VPN3000

I have a VPN concentrator that is configured for client authentication using an NT domain. I dont want every account in Active Directory to have VPN access, so i was wondering if it was possible to limit the scope of where the vpn 3000 looks for accounts to authenticate. Can it be limited to a particular organiztional Unit in Active Directory?

2 REPLIES
New Member

Re: Client Authentication VPN3000

You may have to use ACS. It can check the windows groups and dial-in settings. then replay to the VPN server correctly.

New Member

Re: Client Authentication VPN3000

You would have to use Radius. Microsoft's built in IAS would do the trick. It can allow you to specify a group that can access the VPN. I'm not sure if it can match on an OU though... Maybe. You might also have to be in Native mode for some of that to work.

88
Views
0
Helpful
2
Replies
CreatePlease login to create content