Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
434
Views
0
Helpful
2
Replies

AD groups, wireless/VPN restrictions ACS4.0

mark.stephens
Level 1
Level 1

‎10-19-2006 10:25 AM - last edited on ‎03-25-2019 05:23 PM by Community Manager

Hi,

I have a situation where I have 2 groups in ACS called wireless and VPN. I have successfully mapped these to 2 AD groups called the same.

My requirement now is to restrict the wireless users so that they can only authenticate through an access point and not the vpn.

How would I achieve this bearing in mind I can restrict on IP address as they are all in the same subnet?

Is there anyway to configure say user1 will only be able to connect via the wireless?

Labels:
0 Helpful
2 Replies 2

ethiel
Level 3
Level 3

‎10-19-2006 02:22 PM

If you go to Interface Configuration->Advanced options, there is an option "Group-Level Network Access Restrictions". If you check that, then under each group you can define what devices members can authenticate on. For your VPN group, only allow them to access your VPN devices, and your wireless only allow them to access your wireless devices.

-Eric

Please remember to rate all helpful posts.

0 Helpful

news2010a
Level 3
Level 3
In response to ethiel

‎10-31-2006 02:14 PM

Great. I am working on the exact same solution you answered my question.

0 Helpful
Customers Also Viewed These Support Documents