Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Connection Profile (Tunnel Group) Lock

Apologies for the ingorant question, but I wanted to verify something:

From what I can tell, would you want to use the Connection Profile (Tunnel Group) Lock option for RA VPN if you don't use Active Directory for authentication? I can't seem to find a reason to use it, other than if I was using it together with AD authentication.

Best regards,

Carl

6 REPLIES

Connection Profile (Tunnel Group) Lock

If you are using local auth on firewall and have diffrent group configured with filter list/split tunnel then group lock can be useless to restrict users for specific group else users can connect any group.

New Member

Re: Connection Profile (Tunnel Group) Lock

Would that be the only scenario?

Connection Profile (Tunnel Group) Lock

Authentication can be any way for users right (ACS/Radius/AD/Local) but group policy locks the user into the preferred tunnel-group.

New Member

Connection Profile (Tunnel Group) Lock

Right - so if I were to use RADIUS to provide these users with the Group Policy class, then using the tunnel group lock would be redundant, no?

New Member

Re: Connection Profile (Tunnel Group) Lock

In Cisco ACS 4.x you can use attribute 3076\085 Tunnel-Group-Lock, to restrict users not to log on to diferent connection profile.

New Member

Connection Profile (Tunnel Group) Lock

This should clarify your confusion

www.networksa.org/?p=360

5328
Views
0
Helpful
6
Replies
CreatePlease to create content