01-28-2012 10:57 AM
Apologies for the ignorant question, but I wanted to verify something:
From what I can tell, would you want to use the Connection Profile (Tunnel Group) Lock option for RA VPN if you don't use Active Directory for authentication? I can't seem to find a reason to use it, other than if I was using it together with AD authentication.
Best regards,
Carl
01-28-2012 10:55 PM
If you are using local auth on the firewall and have different groups configured with filter list/split tunnel, then group lock can be useless to restrict users for a specific group, else users can connect to any group.
01-29-2012 11:45 AM
Would that be the only scenario?
01-29-2012 11:56 AM
Authentication can be any way for users right (ACS/Radius/AD/Local) but group policy locks the user into the preferred tunnel-group.
01-30-2012 05:51 AM
Right - so if I were to use RADIUS to provide these users with the Group Policy class, then using the tunnel group lock would be redundant, no?
10-12-2012 01:42 AM
In Cisco ACS 4.x you can use attribute 3076\085 Tunnel-Group-Lock to restrict users so they cannot log on to a different connection profile.
10-12-2012 12:21 PM
This should clarify your confusion