https://community.cisco.com/t5/network-access-control/vpn-authentication-with-acs/m-p/718633#M409137 <HTML><HEAD></HEAD><BODY><P>Solution would be to make use of CLI/DNIS NAR,</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml</A></P><P></P><P>Regards,</P><P>Prem</P></BODY></HTML> Wed, 22 Aug 2007 14:12:42 GMT Premdeep Banga 2007-08-22T14:12:42Z https://community.cisco.com/t5/network-access-control/vpn-authentication-with-acs/m-p/718632#M409136 <P>I have a setup where my VPN users hit the ACS server for user authentication - off of AD. What I am not sure of, is how to limit which users have VPN access. </P><P></P><P>All of the users would still need to authenticate for wireless (EAP) but be limited to either VPN access or No VPN access. </P> Sun, 10 Mar 2019 22:20:54 GMT https://community.cisco.com/t5/network-access-control/vpn-authentication-with-acs/m-p/718632#M409136 andy-gerace 2019-03-10T22:20:54Z https://community.cisco.com/t5/network-access-control/vpn-authentication-with-acs/m-p/718633#M409137 <HTML><HEAD></HEAD><BODY><P>Solution would be to make use of CLI/DNIS NAR,</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a00801a8fd0.shtml</A></P><P></P><P>Regards,</P><P>Prem</P></BODY></HTML> Wed, 22 Aug 2007 14:12:42 GMT https://community.cisco.com/t5/network-access-control/vpn-authentication-with-acs/m-p/718633#M409137 Premdeep Banga 2007-08-22T14:12:42Z https://community.cisco.com/t5/network-access-control/vpn-authentication-with-acs/m-p/718634#M409140 <HTML><HEAD></HEAD><BODY><P>I have tried that and it does not seem to make a difference. If I add the AAA group (the firewall in this case) and add * for the CLI, DNIS, etc. it will still let me log into the VPN client as a user in that group. </P><P>Am I supposed to be putting something different in for the port, etc.? </P><P></P><P></P></BODY></HTML> Wed, 22 Aug 2007 15:21:44 GMT https://community.cisco.com/t5/network-access-control/vpn-authentication-with-acs/m-p/718634#M409140 andy-gerace 2007-08-22T15:21:44Z https://community.cisco.com/t5/network-access-control/vpn-authentication-with-acs/m-p/718635#M409142 <HTML><HEAD></HEAD><BODY><P>I have the same problem. I haven't tested it yet but believe it will be in the lines of - create a new GPO in AD for VPN users. On the ACS you can do group mappings to specific AD groups and then limit it that way. But like I say I haven't tested it yet. If you do get it right please post your findings.</P><P></P><P>Thanks</P><P></P><P>Will</P></BODY></HTML> Wed, 22 Aug 2007 16:23:42 GMT https://community.cisco.com/t5/network-access-control/vpn-authentication-with-acs/m-p/718635#M409142 wpetherbridge 2007-08-22T16:23:42Z