Velocity Reviews - Computer Hardware Reviews


Windows groups, VPN groups, and SecureACS

John Sasso
I've run into a problem which I'm trying to find a solution to at work.

We have a Cisco VPN 3030 concentrator that administrators will VPN into
using Cisco's VPN client in order to do management remotely (there will
be quite a few admins, so for manageability purposes I do not want to
create them local accounts on the concentrator). The 3030 will
authenticate against a SecureACS server which is in a Windows Active
Directory domain.

[ For the sake of discussion, assume the Cisco products are all running
the latest software ]

The admins will belong to certain Windows groups (in Active Directory)
to designate the machine-spec. areas they are responsible for: Windows
servers, UNIX servers, mainframes, database servers, network devices.
The goal is to restrict access by those users, based on the group they
are in, to the machines they are to administer.


1. Is there a way to tie a VPN group [in the 3030] to a Windows group in
AD through Secure ACS?

2. Can you tie access control lists to a Windows group in Secure ACS?

Someone on my team suggested tying the Windows group (and, in turn, the
VPN group) to an IP address pool for that group on the VPN concentrator,
and then using the firewalls that the admins have to go through to filter
access to the servers/devices based on IP address range. The issue I
have with that is it is still not user or group based.

Another question: can you set up IP address pools for a VPN
concentrator on an ACS server rather than on the VPN concentrator alone?


PS: Please send all responses to this group, not to me directly.