RA VPN with ASA, AAA, and Radius

Unanswered Question
Dec 19th, 2008
User Badges:
  • Bronze, 100 points or more

Hi there,


Is there a way to configure separate AAA groups using Radius for VPN authentication vs device authentication? I currently have my ASA configured with AAA using Radius, and I have no problems with that functionality. I'm using IAS/NPS on Windows Server, and I've created an AD security group to permission users who should be able to login to the device for administrative purposes. I want to be able to use a seperate AD security group for VPN users though. Is this possible?


Thanks in advance,


--Brandon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Fri, 12/19/2008 - 12:58
User Badges:
  • Green, 3000 points or more

Brandon,


I think I understand your question and requirements, but please correct me if Im wrong.


I believe your requirements resambles ASA feature intruduce in 8.0 code called Dynamic access Policies , in short (DAP).


Have a complete look at this feature, but I believe this could be one solution for what u need to accompish.

http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml


Regards

Actions

This Discussion