Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

PPTP Tunnel Group Configuration Question

I am currently using a CiscoSecure ACS server to authenticate PPTP clients to a VPN 3000. The documentation states you enable PPTP by editing the Base Group on the VPN 3000. But I want to use separate IP address ranges for different users to apply ACLs, but I cannot figure out how to assign users on the ACS server to a different group that points to a group other than the base group on the VPN 3000.


Re: PPTP Tunnel Group Configuration Question

Community Member

Re: PPTP Tunnel Group Configuration Question

The guide helped, but was incomplete. With the help of TAC we figured it out. In order for CiscoSecure ACS to point to a different group on the VPN 3000 Concentrator, you have to enable RADIUS IETF attribute #25 and specify the group name on the concentrator. What was lacking from the guide was the exact syntax. The correct syntax was "ou=groupname" and it worked.

CreatePlease to create content