Windows groups, VPN groups, and SecureACS

Discussion in 'Cisco' started by John Sasso, Oct 2, 2004.

  1. John Sasso

    John Sasso Guest

    I've run into a problem which I'm trying to find a solution to at work.

    We have a Cisco VPN 3030 concentrator that administrators will VPN into
    using Cisco's VPN client in order to do management remotely (there will
    be quite a few admins, so for manageability purposes I do not want to
    create them local accounts on the concentrator). The 3030 will
    authenticate against a SecureACS server which is in a Windows Active
    Directory domain.

    [ For the sake of discussion, assume the Cisco products are all running
    the latest software ]

    The admins will belong to certain Windows groups (in Active Directory)
    to designate the machine-spec. areas they are responsible for: Windows
    servers, UNIX servers, mainframes, database servers, network devices.
    The goal is to restrict access by those users, based on the group they
    are in, to the machines they are to administer.

    Thus,

    1. is there a way to tie a VPN group [in the 3030] to a Windows group in
    AD through Secure ACS?

    2. can you tie access control lists to a Windows group in Secure ACS?

    Someone on my team suggested tying the Windows group (and, in turn, the
    VPN group) to an IP address pool for that group on the VPN concentrator,
    and then using the firewalls that the admins have to go through to filter
    access to the servers/devices based on IP address range. The issue I
    have with that is it is still not user or group based.

    Another question: can you set up IP address pools for a VPN
    concentrator on an ACS server rather than on the VPN concentrator alone?

    --john

    PS: Please send all responses to this group, not to me directly.
    John Sasso, Oct 2, 2004