Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Group Lock VPN 3000 Binding users to their group

I'm using a VPN 3015 with VPN Client 3.5.1 using IPSEC only. Cisco ACS 3.0 is the radius server authenticating all the users. If I use a group on the client I can login using another groups user id.

Interestingly you then get the other groups priviledges for that user as you might expect.

If I select Group Lock on the Base Group settings this isn't having any effect.

I would like to restrict the clients access to users in it's own configured group.

I'm using External authentication to the Radius ACS server for the Groups.

Thanks for any help you can give.

Mark

  • Other Security Subjects
1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: Group Lock VPN 3000 Binding users to their group

Hi Mark,

You can follow the sample config at:

http://www.cisco.com/warp/public/471/altigagroup.html

Thanks

Jazib

3 REPLIES
Bronze

Re: Group Lock VPN 3000 Binding users to their group

Hi Mark,

You can follow the sample config at:

http://www.cisco.com/warp/public/471/altigagroup.html

Thanks

Jazib

New Member

Re: Group Lock VPN 3000 Binding users to their group

Thanks for your help Jazib.

I used the Radius Class attribute number 25

OU=;

It works fine.

Regards,

Mark

New Member

Re: Group Lock VPN 3000 Binding users to their group

hi Jazib,

What if I only have Internal to authenticate, how would I lock users for just a particular group, enabling Group lock doesnt have any effect.. any advise?

Thanks.

cym

101
Views
0
Helpful
3
Replies