[c-nsp] ACS and ASA VPN user authentication
Nicholas Weaver
nweaver at thinkcash.com
Tue Sep 4 11:20:30 EDT 2007
I have done this with Microsoft IAS and it works like a dream. I use it
to restrict VPN access to users that are members of specific Domain
groups. I can also stack the rules to allow for a group per group and
ACL's for Departments...etc.
I am using the new AnyConnect with an ASA 5520 running 8.0(2).
.nick
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of John Kougoulos
Sent: Wednesday, August 29, 2007 5:14 AM
To: Brett Looney
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ACS and ASA VPN user authentication
Hello,
I've done this in vpn concentrators with radius:
Locking Users into a VPN 3000 Concentrator Group Using a RADIUS Server
http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example0
9186a00800946a2.shtml
It applies to VPN concentrators using Radius, but I guess that it will
probably work for ASA also. I think it will also be easy to migrate to
RADIUS.
Best Regards,
John
Brett Looney wrote:
> Greets,
>
> So, is there a way I can do this with ASA and ACS? I want to lock a
> particular user (or group) to a VPN group and not let them connect any
other
> way.
>
> More information:
>
> We're using ACS for Windows 3.3 (but can upgrade if necessary) and
> authenticating via TACACS+.
> We're running ASA code version 7.2.2.
>
> Any ideas? Does this even make sense? TIA.
>
> B.
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list