I have an RA-VPN configuration with a Cisco VPNC and a Cisco Secure ACS 4.2. I do VPN tunnel-group mapping according to the user RADIUS attribute 25 class (ou=...), and it works fine. I migrated this solution from the VPNC to an ASA5520 with the 8.0(4) software image, and I can't do this tunnel-group mapping, although the ACS configuration is the same (of course), and I think that the FW configuration is correct also.
All the tunnel-groups are internal, and the authentication is right everywhere, but the tunnel-mapping isn't working.
Can anyone write me a sample config for the ASA to verify it?
Is there a special command (e.g. "tunnel-group-map enable ou") I should use?
Thanks for the answers!
I am glad it works. Please be sure to rate useful posts.
The pools and IP addressing can either be defined on the group policy with the correct value, or you can use the ACS with either a static IP on the user or with the pool on either the group or the user; this attribute will be passed in the RADIUS Access-Accept as a Framed-IP-Address value.