Locking users into specific groups on VPN

jonesl1
Level 1

Question #1:

We use a VPN 3000 and are setting up some remote users to connect to our network via the internet. We would like to set this up so that the users are locked into the group defined on their .pcf file. Currently we set the vpn to authenticate the user through different groups. If they are valid, the vpn sends a request to the RADIUS server. The user is then prompted by the ACS for a userid and password. Once entered, the name is checked on the ACS, where we have an IETF class attribute defined for the user (OU=Groupname;), authentication is checked against the vpn to verify the groupname and either allow or deny access.

Well here is the problem: If the groupname on the RADIUS server doesn't match exactly one of the groups on the vpn, the user is automatically allowed access instead of denied access. This just seems backwards to me. It should be denied I would think.

So... I would like to know if there is some way to set this up whereas each user will use a different .pcf group file, but we can still regulate what groups they can enter through the ACS server. That way if they were to share a .pcf file, they would still only be allowed to that one group because of what we would have defined on the ACS server.

Any help would be greatly appreciated. Thank you in advance!

The version of VPN Firmware we are using is: vpn3000-4.0.2.Rel-k9
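
The deny-on-mismatch behaviour the question asks for, written out as an added Python example; it is not part of the original post and is not the concentrator's or the ACS's own logic. The function names, group names and session records are assumptions constructed for illustration; only the `OU=Groupname;` Class format comes from the post.

```python
import re

# "OU=<group>;" is the Class (RADIUS attribute 25) convention quoted in the question.
OU_PATTERN = re.compile(r"^OU=([^;=]+);$")

def class_group(class_value):
    """Extract the group name from an 'OU=Groupname;' value; None if absent or malformed."""
    if not class_value:
        return None
    match = OU_PATTERN.match(class_value.strip())
    return match.group(1).strip() if match else None

def decide(tunnel_group, class_value, configured_groups):
    """Allow only if the RADIUS group is configured AND equals the group the client connected with."""
    radius_group = class_group(class_value)
    if radius_group is None:
        return ("deny", "Class attribute has no usable OU= value")
    if radius_group not in configured_groups:
        # The case the question reports as being allowed: treated as a denial here.
        return ("deny", f"RADIUS group {radius_group!r} is not configured on the concentrator")
    if radius_group != tunnel_group:
        return ("deny", f"user is locked to {radius_group!r}, connected via {tunnel_group!r}")
    return ("allow", f"group lock satisfied for {radius_group!r}")

def audit(sessions, configured_groups):
    """Return (user, reason) for every session the fail-closed policy would reject."""
    findings = []
    for s in sessions:
        verdict, reason = decide(s["tunnel_group"], s["class"], configured_groups)
        if verdict == "deny":
            findings.append((s["user"], reason))
    return findings

# Constructed sample data (hypothetical groups and users, not from the thread).
CONFIGURED = {"Sales", "Engineering"}
SESSIONS = [
    {"user": "alice", "tunnel_group": "Sales", "class": "OU=Sales;"},
    {"user": "bob", "tunnel_group": "Engineering", "class": "OU=Sales;"},  # shared .pcf
    {"user": "carol", "tunnel_group": "Sales", "class": "OU=Salse;"},      # typo on the ACS side
    {"user": "dave", "tunnel_group": "Sales", "class": None},              # no Class returned
]

if __name__ == "__main__":
    for user, reason in audit(SESSIONS, CONFIGURED):
        print(f"{user}: {reason}")
```

Run over exported session records, the same check can flag accounts whose ACS group name has drifted from the groups defined on the concentrator.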

1 Reply

umedryk
Level 5

You need to check the release notes of vpn3000-4.0.2.Rel-k9 for the same.