My topology is:
ASA -----to---- ACS ----to----- Windows-DomainController.
Can I do that with a DC the same way you say it can be done with LDAP?
Regards
----- Original Message -----
From: "Ryan West" <rwest_at_zyedge.com>
To: "Kanishka Acharya (kaachary)" <kaachary_at_cisco.com>; "Farrukh Haroon"
<farrukhharoon_at_gmail.com>; "Edouard Zorrilla" <ezorrilla_at_tsf.com.pe>
Cc: <security_at_groupstudy.com>; "Cisco certification"
<ccielab_at_groupstudy.com>
Sent: Friday, March 19, 2010 7:54 PM
Subject: RE: VPN Restriction in ASA OS 8.22
>> -----Original Message-----
>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>> Kanishka Acharya (kaachary)
>> Sent: Friday, March 19, 2010 8:00 PM
>> To: Farrukh Haroon; Edouard Zorrilla
>> Cc: security_at_groupstudy.com; Cisco certification
>> Subject: RE: VPN Restriction in ASA OS 8.22
>>
>> Actually on ASA, Radius Class [25] is no longer used for group-lock, but to
>> bind a group-policy to the user. You need to use cvpn 3000/PIX/ASA VSA 85
>> (Tunnel-Group-Lock) for this purpose. Alternatively, you can use the
>> Group-lock attribute in group-policy for this.
>>
>
> Wouldn't an LDAP authorization do the same?
>
> -ryan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Received on Fri Mar 19 2010 - 22:39:18 ART
This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:35 ART