[c-nsp] ACS and ASA VPN user authentication
Brett Looney
brett at looney.id.au
Thu Aug 30 19:34:52 EDT 2007
Christian Zeng wrote:
> To lock users into a specific VPN group, set
>
> [3076\033] IPSec-User-Group-Lock
>
> to ON and deliver the VPN group name within
>
> [3076\085] Tunnel-Group-Lock
>
> Afaik, the method with the class attribute (OU=) does not work for
> the ASA. Of course, group lock does not help if the person has
> the pcf/group key and knows a valid username/password for that
> group he should not belong to.

Thanks, that's exactly what I'm looking for. I'll give it a go.

The user in question shouldn't know anyone else's username/password so this
will do what I need.

Thanks again!
B.
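
An added example, not part of the original thread: a Python check that the attribute list of a RADIUS Access-Accept carries both vendor-specific attributes named above, with the lock ON and the expected tunnel group. The group names, the `SAMPLE` bytes and the encoding of ON as the 32-bit integer 1 are assumptions made for illustration.

```python
import struct

VENDOR_SPECIFIC = 26      # RADIUS attribute type for VSAs (RFC 2865)
VENDOR_ID = 3076          # vendor id from the thread's [3076\NNN] notation
GROUP_LOCK = 33           # IPSec-User-Group-Lock
TUNNEL_GROUP_LOCK = 85    # Tunnel-Group-Lock

def encode_vsa(vendor_type, value):
    """Wrap one vendor sub-attribute in a type-26 RADIUS attribute."""
    if isinstance(value, int):
        data = struct.pack("!I", value)   # assumption: 32-bit integer, 1 = ON
    else:
        data = value.encode("ascii")
    sub = bytes([vendor_type, len(data) + 2]) + data
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", VENDOR_ID) + sub

def parse_vsas(blob):
    """Return {vendor_type: data} for vendor 3076 sub-attributes in blob."""
    found, pos = {}, 0
    while pos + 2 <= len(blob):
        atype, alen = blob[pos], blob[pos + 1]
        if alen < 2 or pos + alen > len(blob):
            raise ValueError("malformed attribute at offset %d" % pos)
        body = blob[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(body) < 4:
            continue
        if struct.unpack("!I", body[:4])[0] != VENDOR_ID:
            continue
        sub = body[4:]
        while len(sub) >= 2:
            vtype, vlen = sub[0], sub[1]
            if vlen < 2 or vlen > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            found[vtype] = sub[2:vlen]
            sub = sub[vlen:]
    return found

def lock_problems(blob, expected_group):
    """List reasons the reply would not lock the user to expected_group."""
    vsas, problems = parse_vsas(blob), []
    if vsas.get(GROUP_LOCK) != struct.pack("!I", 1):
        problems.append("IPSec-User-Group-Lock missing or not ON")
    if vsas.get(TUNNEL_GROUP_LOCK) != expected_group.encode("ascii"):
        problems.append("Tunnel-Group-Lock missing or names another group")
    return problems

# Constructed sample: attributes of an Access-Accept for group "EMPLOYEES".
SAMPLE = encode_vsa(GROUP_LOCK, 1) + encode_vsa(TUNNEL_GROUP_LOCK, "EMPLOYEES")
```

`lock_problems(SAMPLE, "EMPLOYEES")` returns an empty list; a reply that omits either attribute or names a different group returns the reason.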