RA VPN with ASA, AAA, and Radius

Unanswered Question
Dec 19th, 2008

Hi there,

Is there a way to configure separate AAA groups using Radius for VPN authentication vs device authentication? I currently have my ASA configured with AAA using Radius, and I have no problems with that functionality. I'm using IAS/NPS on Windows Server, and I've created an AD security group to permission users who should be able to login to the device for administrative purposes. I want to be able to use a seperate AD security group for VPN users though. Is this possible?

Thanks in advance,

--Brandon

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Fri, 12/19/2008 - 12:58

Brandon,

I think I understand your question and requirements, but please correct me if Im wrong.

I believe your requirements resambles ASA feature intruduce in 8.0 code called Dynamic access Policies , in short (DAP).

Have a complete look at this feature, but I believe this could be one solution for what u need to accompish.

http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml

Regards

Actions

This Discussion