VPN authentication using ACS 5.2

jlhainy
Level 2

I want to use ACS 5.2 to authenticate VPN users and Wireless users.

For the VPN users, there is an internal group on the ACS box and an Active Directory group in AD.  I would like to be able to use both sources to authenticate VPN users.  Some VPN users will have local accts on the ACS box, others will be AD users.  I'm having a hard time getting the policies right.  It seems I can get it to use either AD or Internal users but not both.

5 Replies

aneelaka
Level 1
Accepted Solution

Create an Identity Store Sequence and have Internal Users and AD in the Sequence, refer to the attached screenshot, and you can use this Identity in the Access policy so both the internal and AD stores are checked.

Note: please rate the answer if it was helpful

So can you not create 2 different rules in the identity policy that would reference 2 identity sources?

If you create two access policies with different identity stores, then you will run into the same issue as you mentioned: if the user is in AD and your first policy is configured for internal users, then it comes back with "user not found", unless the AD users come in from a different NAS client and you configure the access policy based on NAS.

Note: Please rate the answer if it was helpful

So, if you are wanting to use 2 different identity sources, then using an identity sequence is the way to go because it will check all of them?

Eduardo Aliaga
Level 4

I have a similar scenario. Some of our VPN users are in SecurID database. Some VPN users are in ACS Local database.

We configured the "Identity Policies" as "Rule based result selection". Then we created one rule using "Compound Condition". You set the condition to "System:UserName equals <name>" and set the "Identity Source" to "Internal Users". For this rule you have to tell ACS explicitly what the name of the user is.

There's a default rule whose "Identity Source" is set to SecurID Database. It applies to all users that didn't match the previous rule.

Hope it helps
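To make the difference between the two approaches in this thread concrete (aneelaka's identity store sequence and Eduardo's rule-based policy with an explicit username rule), here is an added example that models both. It is not ACS code or configuration, and the stores, usernames and passwords (`INTERNAL`, `AD1`, `vpnlocal`, `alice`) are constructed sample data. The model is deliberately simplified: a store answers PASS, FAIL (user known, credentials wrong) or NOT_FOUND; a sequence moves to the next store only on NOT_FOUND, while a rule-based policy commits to a single store with no fallback, which is why a policy pointed only at Internal Users reports "user not found" for an AD user.

```python
"""Toy model of consulting several identity stores (added example, not ACS code)."""
from dataclasses import dataclass
from enum import Enum


class Result(Enum):
    PASS = "pass"            # user found, credentials accepted
    FAIL = "fail"            # user found, credentials rejected
    NOT_FOUND = "not found"  # user unknown to this store


@dataclass
class IdentityStore:
    name: str
    users: dict  # username -> password; constructed test data for the model only

    def authenticate(self, user: str, password: str) -> Result:
        if user not in self.users:
            return Result.NOT_FOUND
        return Result.PASS if self.users[user] == password else Result.FAIL


# Constructed stores standing in for "Internal Users" and an AD join (hypothetical names).
INTERNAL = IdentityStore("Internal Users", {"vpnlocal": "Local-Pw-1"})
AD = IdentityStore("AD1", {"alice": "Alice-Pw-1"})


def sequence_authenticate(stores, user, password):
    """Identity store sequence: consult stores in order and move on to the
    next one only when the current store does not know the user.
    A FAIL stops the sequence, so a wrong password is never retried elsewhere."""
    for store in stores:
        result = store.authenticate(user, password)
        if result is not Result.NOT_FOUND:
            return result, store.name
    return Result.NOT_FOUND, None


def rule_based_authenticate(rules, default_store, user, password):
    """Rule-based identity policy: the first rule whose 'UserName equals'
    condition matches selects one store; otherwise the default rule's store
    is used. Once a store is chosen there is no fallback to another store."""
    for match_user, store in rules:
        if match_user == user:
            return store.authenticate(user, password), store.name
    return default_store.authenticate(user, password), default_store.name


if __name__ == "__main__":
    # A single policy pointing only at Internal Users: AD user is "not found".
    print(sequence_authenticate([INTERNAL], "alice", "Alice-Pw-1"))
    # Sequence Internal Users -> AD1: AD user is found in the second store.
    print(sequence_authenticate([INTERNAL, AD], "alice", "Alice-Pw-1"))
    # Explicit username rule for the local account, default rule -> AD1.
    rules = [("vpnlocal", INTERNAL)]
    print(rule_based_authenticate(rules, AD, "vpnlocal", "Local-Pw-1"))
    print(rule_based_authenticate(rules, AD, "alice", "Alice-Pw-1"))
```

Note the trade-off the thread touches on: the sequence needs no per-user rule and checks every store, while the rule-based policy requires naming each internal user explicitly but never sends an internal user's credentials to the external store.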