RA VPN with ASA, AAA, and Radius

Unanswered Question
Dec 19th, 2008
User Badges:
  • Bronze, 100 points or more

Hi there,

Is there a way to configure separate AAA groups using Radius for VPN authentication vs device authentication? I currently have my ASA configured with AAA using Radius, and I have no problems with that functionality. I'm using IAS/NPS on Windows Server, and I've created an AD security group to permission users who should be able to login to the device for administrative purposes. I want to be able to use a seperate AD security group for VPN users though. Is this possible?

Thanks in advance,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Fri, 12/19/2008 - 12:58
User Badges:
  • Green, 3000 points or more


I think I understand your question and requirements, but please correct me if Im wrong.

I believe your requirements resambles ASA feature intruduce in 8.0 code called Dynamic access Policies , in short (DAP).

Have a complete look at this feature, but I believe this could be one solution for what u need to accompish.




This Discussion