Connection Profile (Tunnel Group) Lock

Carl Harbeck
Level 1

Apologies for the ignorant question, but I wanted to verify something:

From what I can tell, would you want to use the Connection Profile (Tunnel Group) Lock option for RA VPN if you don't use Active Directory for authentication? I can't seem to find a reason to use it, other than if I was using it together with AD authentication.

Best regards,

Carl


ajay chauhan
Level 7

If you are using local auth on the firewall and have different groups configured with filter list/split tunnel, then group lock can be useless to restrict users for a specific group; else users can connect to any group.

Would that be the only scenario?

Authentication can be any way for users right (ACS/Radius/AD/Local) but group policy locks the user into the preferred tunnel-group.

Right - so if I were to use RADIUS to provide these users with the Group Policy class, then using the tunnel group lock would be redundant, no?

marinogr
Level 1

In Cisco ACS 4.x you can use attribute 3076\085 Tunnel-Group-Lock to restrict users from logging on to a different connection profile.

abcdrohan
Level 1

This should clarify your confusion

www.networksa.org/?p=360
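
The local-authentication case discussed in this thread, as an added ASA configuration sketch that is not from any of the posters: two connection profiles with different split-tunnel lists, and a group lock so that a user mapped to one policy cannot log in through the other profile. All names (TG-ENG, GP-CONTRACTOR, alice, bob, carol), ACLs and subnets are constructed placeholders, and the local users are assumed to already exist.

```cisco
! Constructed example: every name and subnet below is a placeholder.
access-list SPLIT-ENG standard permit 10.10.0.0 255.255.0.0
access-list SPLIT-CONTRACTOR standard permit 10.20.30.0 255.255.255.0
!
! One group policy per population, each locked to its own connection profile.
group-policy GP-ENG internal
group-policy GP-ENG attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-ENG
 group-lock value TG-ENG
!
group-policy GP-CONTRACTOR internal
group-policy GP-CONTRACTOR attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-CONTRACTOR
 group-lock value TG-CONTRACTOR
!
! Connection profiles (tunnel groups) with their default group policies.
tunnel-group TG-ENG type remote-access
tunnel-group TG-ENG general-attributes
 default-group-policy GP-ENG
tunnel-group TG-CONTRACTOR type remote-access
tunnel-group TG-CONTRACTOR general-attributes
 default-group-policy GP-CONTRACTOR
!
! Local users pinned to a policy; the policy's group-lock then rejects
! a login attempted through the other connection profile.
username alice attributes
 vpn-group-policy GP-ENG
username bob attributes
 vpn-group-policy GP-CONTRACTOR
!
! A user with no vpn-group-policy inherits the default policy of whichever
! profile is selected at login, so the lock is set on the user instead.
username carol attributes
 group-lock value TG-CONTRACTOR
```

When the group policy is assigned by RADIUS instead of the local user database, the `group-lock` line inside that group policy is evaluated the same way, so the comparison is between the assigned policy's lock value and the profile the user selected.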
