
VPN 5000 and ACS 3.0 same user in multiple groups

denny-bell
Level 1

I have a VPN 5000 authenticating to a Windows 2000 ACS box. I also have a dial RAS box authenticating to ACS. Is there a way users can authenticate with one user name and password, and use this one user name and password for both the VPN 5000 and the RAS dial-up box? So far I can't seem to make this work. I have to create a static user account for either the dial-up or the VPN account. Since we are using Windows domain authentication, users can map drives to their workstation at work, but with a static account they have to use the ACS database to authenticate and do not use the Windows domain.

2 Replies

cjacinto
Cisco Employee

The problem here is that a VPN user would have a service type of Login and a dial-in user would have a service type of Framed. Since in RADIUS you could only map one service per group, you need two groups to have the different services. A user, however, could only belong to one group, thus your issue. You could point the VPN 5K to another RADIUS system, with the proper group setup and pointing to the same external database, and point the dial RAS box to another RADIUS server, but pointing to the same external DB for authentication.

But depending on the RAS used, it may be able to work. I have a 3640 with PRI+modems and a 5000. If a user is in the VPN group, they can also dial in to the PRI without problems.