VPN into network with only AD OU account

Status
Not open for further replies.
Feb 4, 2006
I have ACS authentication set up, but now I want to allow only certain people in a specified OU in Active Directory to log in using VPN. Does anyone know if there is a way to set up authentication to Active Directory using a specific OU?
 
I don't know of any way to do it by OU, but why not use an AD group instead?

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Yes, you can do this in ACS. Have you set up an external database in the ACS application?
 
OK, then you can define what group is allowed to access the VPN. What you will need to do is create the group. Go to your external database in ACS and map it to that group and either allow or deny access.
 
No, while restarting, new users will not be able to authenticate, but it will not kick off existing users.
 
Created an NT group in AD, added one user, set up a new group in ACS, mapped that NT group to the ACS group. I can still log into the VPN client with another AD account besides the one I put into the NT group.
 
Where you did that mapping, there is an option to map another group or 'deny access' or something like that, or deny all others, so it should look something like:

ADGroupYoucreated VPN Access
Deny Everyone else


 
I have no deny access in the mapping group. I am trying to see how to deny access in the group setup.
 
OK, then it's possible. It's on the mapping part of the menu.
 
OK, finally got it. In the Per Group defined network access restrictions on the TAC+ACS, I had to check the box define IP-based access restrictions, denied call/point, and choose the NDG * *. I also had to check the box to define CLI/DNIS, denied calling/point, and choose the NDG * *.
 