
Multiple RADIUS auth groups on a single Windows server

tylerlucas
Level 1

We have multiple RA VPN groups on a 3845 router.

RADIUS authentication is currently happening between the 3845 and a single Windows 2008 server. We have a specific Windows group that AD users are members of, and they are allowed to connect via VPN.

I'm creating a new RA VPN Group, which should only allow different AD users.  Is it possible to create another RADIUS association to the same server, or do I need to authenticate against a different Windows server?

Thanks,

Tyler

Accepted Solutions

andamani
Cisco Employee

Hi Tyler,

If I understand the question properly, here is what you have to say.

There are multiple groups on the AD. Currently users of 1 particular group on AD are connecting fine to the RA VPN.

Now you want VPN to be connected or allowed only for another group on AD. Basically you want to control the access to resources based on the groups they belong to on the AD. Am I correct?

The aaa-server you are using is RADIUS. I don't think you can do the authentication and access-control based on groups on AD using RADIUS.

I would suggest trying LDAP.

http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_ldap.html

Hope this helps.

Regards,

Anisha

P.S.: please rate helpful posts
