Dynamic tunnel assignment

Answered Question
Apr 18th, 2007

I'm trying to configure the ASA appliance so that a user will be dynamically placed into a particular tunnel group based on an attribute returned from Cisco Secure ACS when the user is authenticated. I have been able to accomplish this on the Cisco VPN 3000 concentrator by returning the IETF Radius Attribute [25] Class. I need assistance trying to configure the same behavior in the ASA.


Correct Answer by ydemissie about 9 years 4 months ago

Attached is a document I wrote on how to accomplish this on an ASA 7.2(2) with RSA Authentication Manager (Funk Radius server built-in)...

Overall Rating: 3.5 (2 ratings)
ggilbert Fri, 06/08/2007 - 06:37

On the ACS server, the OU should be the group-policy to which the users should be connected (group-policy configured on the ASA), and on the group-policy you can specify the group-lock feature to lock the user into the specified tunnel-group.

Hope this helps.

Let me know if you have any questions.
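
A sketch of the ASA side of the setup described in the reply above, added here as an example and not part of the original thread or of the attached document. The group-policy, tunnel-group and server names, the server address and the key are constructed placeholders, and the fail-closed `NOACCESS` default policy is an assumption added for illustration. It assumes ACS returns IETF attribute [25] Class with the value `OU=ENGINEERING;` for the user.

```cisco
! Added example; names, address and key are constructed placeholders.
! RADIUS server (Cisco Secure ACS) that authenticates the VPN users.
aaa-server ACS protocol radius
aaa-server ACS (inside) host 192.0.2.10
 key <shared-secret>
!
! Assumed fail-closed default: a user for whom ACS returns no Class
! attribute falls back to this policy and is not allowed to log in.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Policy applied when ACS returns Class = "OU=ENGINEERING;".
! group-lock restricts the user to sessions through the named tunnel-group;
! a connection attempt through any other tunnel-group is rejected.
group-policy ENGINEERING internal
group-policy ENGINEERING attributes
 group-lock value ENG-TUNNEL
!
! Tunnel-group the engineering users connect through (ASA 7.2 syntax).
tunnel-group ENG-TUNNEL type ipsec-ra
tunnel-group ENG-TUNNEL general-attributes
 authentication-server-group ACS
 default-group-policy NOACCESS
```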



