Solved: Group Lock VPN 3000 Binding users to their group

markturner · ‎01-09-2003

I'm using a VPN 3015 with VPN Client 3.5.1 using IPSEC only. Cisco ACS 3.0 is the radius server authenticating all the users. If I use a group on the client I can login using another groups user id.

Interestingly you then get the other groups priviledges for that user as you might expect.

If I select Group Lock on the Base Group settings this isn't having any effect.

I would like to restrict the clients access to users in it's own configured group.

I'm using External authentication to the Radius ACS server for the Groups.

Thanks for any help you can give.

Mark

jfrahim · ‎01-10-2003

Hi Mark,

You can follow the sample config at:

http://www.cisco.com/warp/public/471/altigagroup.html

Thanks

Jazib

View solution in original post

jfrahim · ‎01-10-2003

Hi Mark,

You can follow the sample config at:

http://www.cisco.com/warp/public/471/altigagroup.html

Thanks

Jazib

markturner · ‎01-10-2003

Thanks for your help Jazib.

I used the Radius Class attribute number 25

OU=;

It works fine.

Regards,

Mark

mddistor · ‎01-10-2003

hi Jazib,

What if I only have Internal to authenticate, how would I lock users for just a particular group, enabling Group lock doesnt have any effect.. any advise?

Thanks.

cym