Using Radius to Auto assign a Connection Profile.

rklingaman · ‎01-27-2009

What I'm trying to do is when a Student or Employee logs on to the VPN through our ASA 8.0(4)16 they automatically get assigned a Connection Profile. Currently Using Cisco ACSv4.0

I understand the class IETF [025] Class attribute and how it works and have it working at the moment that way where it assigns a group policy when a student or employee logs on.

The catch is because I don't have the drop down connection profiles enabled for them to chose (I don't want to enable it either) they get assigned the default WebVPN connection Profile.

From what I can understand if A connection profile is not selected it will assign this default one. Also If you try to lock down the policy to a tunnel group it will fail authentication. I believe this is cause because it is still defaulting to the webvpn and then denying the user to log on as the policy is locked down to a tunnel group

So what I'm trying to eventually accomplish is when a user logs on they get assigned a connection profile and a group policy based on whether they are a Employee or a Student without them selecting it from a drop down.

Ivan Martinon · ‎01-28-2009

The only ways to assign a user to a connection profile for webvpn, is to use group-alias with the pulldown menu that you mention, and group url, in which the user will enter the group as part of the url for the webvpn connection. Other than that, you cannot dynamically assign a connection profile via radius or any other authentication server, only group policies.