I am currently using a CiscoSecure ACS server to authenticate PPTP clients to a VPN 3000. The documentation states you enable PPTP by editing the Base Group on the VPN 3000. But I want to use separate IP address ranges for different users to apply ACLs, but I cannot figure out how to assign users on the ACS server to a different group that points to a group other than the base group on the VPN 3000.
The guide helped, but was incomplete. With the help of TAC we figured it out. In order for CiscoSecure ACS to point to a different group on the VPN 3000 Concentrator, you have to enable RADIUS IETF attribute #25 and specify the group name on the concentrator. What was lacking from the guide was the exact syntax. The correct syntax was "ou=groupname" and it worked.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...