Cisco VPN 3000 Concentrator - Active Directory authentication and AD 'dialin' remote access permissions attribute

Can someone tell me how a Cisco VPN 3000 Concentrator needs to be configured so that when the user puts in their Active Directory credentials via the Cisco VPN client, the concentrator then checks against the AD 'dialin' remote access permission attribute on their user account?

Currently, as long as the user has an AD domain account and a valid user account/password they are allowed to connect via VPN, and new management wants to be able to set the access via AD on a per user or per group basis.

stressedout2004 commented:
That would require authorization. There's no configuration that you can do on the VPN 3000 to achieve this. You would need a RADIUS server and bind the AD to it. Set up an IAS server and configure the VPN 3000 as a RADIUS client on it. On the VPN 3000, under Configuration > System > Servers > Authentication, add the IAS as a RADIUS server. You will then configure the Remote Access Policy on the IAS and select "Grant remote access permission". The user on the AD itself will also need to have remote access permission enabled in order to connect to the VPN.
Question has a verified solution.
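
An added example, not part of the answer above: once IAS is making the decision, it helps to audit what the AD dial-in setting actually is on each account. The sketch below classifies the `msNPAllowDialin` attribute (true = allow, false = deny, not set = controlled by the remote access policy). The sample accounts are constructed, the `-ApprovedUsers` list is a hypothetical parameter, and the live query in the last comment assumes the ActiveDirectory PowerShell module is available.

```powershell
# Added example: report the AD dial-in setting that IAS evaluates per user.
function Get-DialinAccessReport {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object[]]$User,
        [string[]]$ApprovedUsers = @()   # hypothetical list of accounts meant to have VPN access
    )
    process {
        foreach ($u in $User) {
            # msNPAllowDialin is three-state: $true, $false, or not set at all.
            $dialin = if ($null -eq $u.msNPAllowDialin) {
                'PolicyControlled'
            } elseif ($u.msNPAllowDialin) {
                'Allow'
            } else {
                'Deny'
            }

            # Flag explicit grants that deserve a second look.
            $finding = if ($dialin -eq 'Allow' -and -not $u.Enabled) {
                'Allow set on disabled account'
            } elseif ($dialin -eq 'Allow' -and $ApprovedUsers.Count -gt 0 -and
                      $u.SamAccountName -notin $ApprovedUsers) {
                'Allow set outside approved list'
            } elseif ($dialin -eq 'PolicyControlled') {
                'Decided by IAS remote access policy'
            } else {
                'OK'
            }

            [pscustomobject]@{
                User    = $u.SamAccountName
                Enabled = $u.Enabled
                Dialin  = $dialin
                Finding = $finding
            }
        }
    }
}

# Constructed sample accounts standing in for directory query results.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; Enabled = $true;  msNPAllowDialin = $true  }
    [pscustomobject]@{ SamAccountName = 'bob';   Enabled = $true;  msNPAllowDialin = $false }
    [pscustomobject]@{ SamAccountName = 'carol'; Enabled = $false; msNPAllowDialin = $true  }
    [pscustomobject]@{ SamAccountName = 'dave';  Enabled = $true;  msNPAllowDialin = $null  }
    [pscustomobject]@{ SamAccountName = 'erin';  Enabled = $true;  msNPAllowDialin = $true  }
)
$sample | Get-DialinAccessReport -ApprovedUsers 'alice' | Format-Table -AutoSize

# Against a live domain (assumes the ActiveDirectory module):
# Get-ADUser -Filter * -Properties msNPAllowDialin | Get-DialinAccessReport -ApprovedUsers 'alice'
```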