Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

RADIUS Authentication, PPTP users to be in differnet groups on a 3030?

Is it possible to use Radius for PPTP authentication have still have the user be in a PPTP group (not the base group)? I have about 30 groups and all are IPSEC and I have a need to allow a few PPTP users but I can't figure out how to put them in a group without either using internal user lists, or having them in the base group. Is there any way to do this using RADIUS as my authentication method? (ACS)

Also, second question, is it possible to have PPTP users authenticate with SecurID?

Thanks!!

1 REPLY
Anonymous
N/A

Re: RADIUS Authentication, PPTP users to be in differnet groups

This concept apllies to VPN 3000, Check if it the same for 3030. Define a group say for example finance on the internal database of the concentrator and attributes for this group are defined. In the General tab the group finance , make sure the Strip Realm attribute is checked. Users for this group will externally authenticated via a RADIUS server. The user specifies a string username@realm in our case username @finance (the @realm part identifies the group name to which PPTP user belongs). Concentrator just passes the username infmromation alone stripping of the group name. If the user is authenticated he is assinged the attriubtes.

140
Views
0
Helpful
1
Replies
CreatePlease to create content