I have a VPN 5000 authenticating to a windows 2000 acs box. I also have a dial ras box autheticating to acs. Is their a way users can authenticate with one user name and password and authenticate using this one user name and password to both the VPN 5000 and also the ras dial-up box. So far I can't seem to make this work. I have to create a static user account for either the dial-up or the VPN account. Since we are using a windows domain authentication, users can map drives to their workstation at work. but with a static account they have to use the the acs database to authenticate and do not use the windows domain.
Re: VPN 5000 and ACS 3.0 same user in multiple groups
The problem here is that a VPN user would have a service type of login and a dial in user would have a service type of framed. Since in radius you could only map one service per group, thus you need to groups to have the different services. A user however could only belong to one group, thus your issue. You could point the vpn 5K to another radius system, with the proper group setup and pointing to the same external database, and point the dial ras box to another radius server, but pointing to the same external db for authentication.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...