How to restrict VPN, allow Wireless. AD environment
15,000 student accounts on active directory, single domain, Win2003.
3,000 staff accounts.
Staff should access VPN and Wireless.
Students should access Wireless only.
Cisco VPN 3000 Concentrator.
Cisco Wireless Access Points, LEAP, (going to migrate to Aruba in the future).
On Active Directory, I need to keep the option "Allow dial-in" on Student accounts set to "Allow". That way students can access wireless. The problem is that this would let users launch a Cisco VPN client and connect to our corporate network. I want to restrict that for students.
Re: How to restrict VPN, allow Wireless. AD environment
Can you elaborate a little more on the "Map those two field to groups in your ACS server"?
Are you saying that I should create an AD attribute named "wireless" and "vpn", or perhaps you meant I should create security groups in Active Directory, "Wireless" and "VPN", and then make ACS recognize those groups?
I am new to ACS, so if you can point me to documentation on how to make ACS work with Active Directory groups, that would help. I will research more on this ACS<->AD groups.