01-28-2012 10:57 AM
Apologies for the ignorant question, but I wanted to verify something:
From what I can tell, would you want to use the Connection Profile (Tunnel Group) Lock option for RA VPN if you don't use Active Directory for authentication? I can't seem to find a reason to use it, other than if I was using it together with AD authentication.
Best regards,
Carl
01-28-2012 10:55 PM
If you are using local auth on the firewall and have different groups configured with filter list/split tunnel, then group lock can be useless to restrict users for a specific group, else users can connect to any group.
01-29-2012 11:45 AM
Would that be the only scenario?
01-29-2012 11:56 AM
Authentication can be any way for users right (ACS/Radius/AD/Local) but group policy locks the user into the preferred tunnel-group.
01-30-2012 05:51 AM
Right - so if I were to use RADIUS to provide these users with the Group Policy class, then using the tunnel group lock would be redundant, no?
10-12-2012 01:42 AM
In Cisco ACS 4.x you can use attribute 3076\085 Tunnel-Group-Lock to restrict users not to log on to a different connection profile.
10-12-2012 12:21 PM
This should clarify your confusion