08-31-2009 10:22 AM - edited 02-21-2020 04:19 PM
Last week, I assigned a test server Cisco ACS to act as the authentication and accounting device for a specific group on a Cisco VPN Concentrator 3060. When I looked at ACS, it appeared that not only the group was going there but others were passing through as well and using the defaults on the Cisco Secure ACS. Is there a way that I can ensure that only the traffic assigned to that specific VPN group will using the ACS server defined?
THank you
Solved! Go to Solution.
08-31-2009 10:29 AM
Hi ,
Not sure about your set up. But you need to set up group mapping so that only specific AD group can authentication.
In external db group mapping, map
ACS VPN group----->with<---- AD VPN group
All other combination should point to No access group.
Regards,
~JG
Do rate helpful posts
08-31-2009 10:29 AM
Hi ,
Not sure about your set up. But you need to set up group mapping so that only specific AD group can authentication.
In external db group mapping, map
ACS VPN group----->with<---- AD VPN group
All other combination should point to No access group.
Regards,
~JG
Do rate helpful posts
08-31-2009 11:35 AM
JG,
I did have the group mapping, but while doing some testing with LDAP and ACS, I mapped two additional groups to prove that an upgrade was successful. I will set it back the All other combinations to no access group.
Let me test.
Dwane
08-31-2009 11:39 AM
JG,
If I put an authentication and authorization server at a single group level, then shouldn't that group be the only one who utilizes that server?
Thanks
DWane
08-31-2009 01:28 PM
Hi DWane,
Setting up single authen and author server in vpn3000 should work fine.
Regards,
~JG
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide