cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
268
Views
0
Helpful
1
Replies

RA VPN with ASA, AAA, and Radius

branfarm1
Level 4
Level 4

Hi there,

Is there a way to configure separate AAA groups using Radius for VPN authentication vs device authentication? I currently have my ASA configured with AAA using Radius, and I have no problems with that functionality. I'm using IAS/NPS on Windows Server, and I've created an AD security group to permission users who should be able to login to the device for administrative purposes. I want to be able to use a seperate AD security group for VPN users though. Is this possible?

Thanks in advance,

--Brandon

1 Reply 1

JORGE RODRIGUEZ
Level 10
Level 10

Brandon,

I think I understand your question and requirements, but please correct me if Im wrong.

I believe your requirements resambles ASA feature intruduce in 8.0 code called Dynamic access Policies , in short (DAP).

Have a complete look at this feature, but I believe this could be one solution for what u need to accompish.

http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml

Regards

Jorge Rodriguez
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: