[c-nsp] ACS and ASA VPN user authentication
Christian Zeng
christian at zengl.net
Thu Aug 30 10:46:43 EDT 2007
Hi,
* Brett Looney wrote on 30.08.2007 02:33:
> Thanks, I'll check it out. Given that there is supposed to be feature parity
> between ASA v7.x and VPN3000 this might work.
To lock users into a specific VPN group, set
[3076\033] IPSec-User-Group-Lock
to ON and deliver the VPN group name within
[3076\085] Tunnel-Group-Lock
AFAIK, the method with the class attribute (OU=) does not work for the
ASA. Of course, group lock does not help if the person has the pcf/group
key and knows a valid username/password for that group he should not
belong to.
Christian
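
Added example (not part of the post above and not Cisco's code): a Python check that the attribute bytes of a RADIUS Access-Accept carry both vendor 3076 attributes named in the post, with the lock ON and the expected group name. It assumes ON is sent as the 32-bit integer 1; the group name vpn-staff and all function names are constructed for illustration.

```python
import struct

CISCO_VPN3000_VENDOR_ID = 3076   # vendor ID from the post ([3076\...])
IPSEC_USER_GROUP_LOCK = 33       # [3076\033]
TUNNEL_GROUP_LOCK = 85           # [3076\085]
VENDOR_SPECIFIC = 26             # RADIUS Vendor-Specific attribute (RFC 2865)

def build_vsa(vendor_type, value):
    """Encode one vendor sub-attribute inside a Vendor-Specific attribute."""
    sub = bytes([vendor_type, len(value) + 2]) + value
    body = struct.pack("!I", CISCO_VPN3000_VENDOR_ID) + sub
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

def parse_vsas(attrs):
    """Return {vendor_type: value} for every vendor 3076 sub-attribute."""
    found, i = {}, 0
    while i + 2 <= len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed attribute at offset %d" % i)
        body = attrs[i + 2:i + alen]
        if (atype == VENDOR_SPECIFIC and len(body) >= 4
                and struct.unpack("!I", body[:4])[0] == CISCO_VPN3000_VENDOR_ID):
            j = 4
            while j + 2 <= len(body):
                vtype, vlen = body[j], body[j + 1]
                if vlen < 2 or j + vlen > len(body):
                    raise ValueError("malformed sub-attribute")
                found[vtype] = body[j + 2:j + vlen]
                j += vlen
        i += alen
    return found

def group_lock_ok(attrs, expected_group):
    """True only if the lock is ON and the delivered group name matches."""
    vsas = parse_vsas(attrs)
    lock = vsas.get(IPSEC_USER_GROUP_LOCK)
    group = vsas.get(TUNNEL_GROUP_LOCK)
    # Assumption: ON is encoded as the 32-bit integer 1.
    return lock == struct.pack("!I", 1) and group == expected_group.encode()

# Constructed sample: attribute bytes of an Access-Accept (20-byte header omitted).
SAMPLE = (build_vsa(IPSEC_USER_GROUP_LOCK, struct.pack("!I", 1))
          + build_vsa(TUNNEL_GROUP_LOCK, b"vpn-staff"))

if __name__ == "__main__":
    print(group_lock_ok(SAMPLE, "vpn-staff"))
```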