Radius attributes for anyconnect

Unanswered Question
Dec 13th, 2007
User Badges:

I have been trying to configure the anyconnect client to use a drop down menu to pick the group policy that they want to use. The problem is that I get the drop down menu to pick the two different groups that I setup on the ASA using the group-alias, however, they do not take on the attributes of the group and it shows up in the logs as using the same group policy even when I pick a different one. I setup individual usernames attached to the two different group policies and when I do that, they take on the correct attributes, so it looks to me that I have a radius attribute I have to change in ACS. Does anyone know which attribute I have to change to get it to work? Thank you very much for all of your help.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
tstanik Thu, 12/20/2007 - 12:38
User Badges:
  • Bronze, 100 points or more

You have to check the group policy. If possible map each user according to the user group in the group policy and setup the anyconnect client to select from these groups.

jasonsuplita Fri, 12/21/2007 - 12:33
User Badges:

I can get it to work if I set the "Class attribute" in radius, but I would still like the users to choose which profile they want, instead of being lock into one. The problem is that some users need LAN access where they are at. So, we created a full tunnel and a split-tunnel group policy. I want them to be able to choose either one of these policies. If there is anyway that I can do this without seperating users into separate groups within ACS and using the "Class Attribute" that would be great, because there are around 800 users for the split tunnel and a few thousand that need the full tunnel, so it would be a nightmare trying to track down all the users that need the LAN access. Do you happen to know if there is an attribute that will allow me this flexibility? Thanks.


This Discussion