How can i configure VPN 3005 active directory access by group

fraevolquez · ‎09-29-2005

Hi. I need help to configure a Cisco VPN concentrator. I´ve created an Active Directory's group and added 2 users. In the CVPNC i've configure LDAP autentication and autorization servers.

But i just get to give access to everyone in the Active Directory Server. I just Want To give access to especific users in a group

owillins · ‎10-04-2005

Here is a document which demonstrates how to configure the Cisco VPN 3000 Concentrator to authenticate Cisco VPN Clients to an external Microsoft Windows NT domain server.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a00800949b4.shtml

steven.pagan · ‎02-07-2006

I think that he is trying to get it to authenticate with a specific group in the domain. I am attempting to do the same thing. I can get the concentrator to authenticate using the domain server but I don't want every user in the domain to be able to authenticate, only ones from a specific group. Does anyone know how I can accomplish this?

hal.chaikin · ‎04-05-2006

Can't you do this from the AD side rather than the VPN side? I would think there's probably a couple of work-arounds i.e. 1) create a new site in AD - assign the IP range in your VPN's address pool to that site. Then implement a GPO for it allowing only those IP's to remotely connect? 2) Similarly, Instead of a site, or group, drop those remote users' accounts into a separate OU and then apply the GPO? etc.