VPN access on ASA using RADIUS or ACS

Unanswered Question
Oct 27th, 2009


Can anyone tell me whether, using just my firewall with only local authentication, I can create policies such as dynamic ACLs so that I can allow only certain VPN clients to see certain IP addresses, or do I need an ACS server for this?

And can I do the same using Windows RADIUS?

Ivan Martinon Tue, 10/27/2009 - 10:48

You can do it with either solution you choose. With RADIUS, either ACS or IAS will work as long as the proper attribute is chosen; downloadable ACLs are easier to configure on ACS, but you can define VSAs on the IAS to define these.

On the ASA you can define this locally by creating VPN filters and applying these filters to a group policy, then based on the user attributes (locally on the ASA) you can assign users to specific group policies where the filters are defined. HTH
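
The local-only approach described in the reply above, as an added configuration sketch that is not part of the original thread. All ACL, group-policy and user names, the client pool 10.99.0.0/24, the server addresses and the passwords are constructed placeholders.

```cisco
! Constructed example: names, addresses and passwords are placeholders.
! Assumed VPN client address pool: 10.99.0.0/24
! Assumed internal servers: 192.168.10.10 (finance), 192.168.10.20 (engineering)

! ACLs used as VPN filters are written with the remote (VPN client) side
! as the source. Anything not permitted is dropped by the implicit deny.
access-list VPNFILTER-FINANCE extended permit ip 10.99.0.0 255.255.255.0 host 192.168.10.10
access-list VPNFILTER-ENG extended permit tcp 10.99.0.0 255.255.255.0 host 192.168.10.20 eq 22

! One group policy per access profile, each bound to its filter.
group-policy GP-FINANCE internal
group-policy GP-FINANCE attributes
 vpn-filter value VPNFILTER-FINANCE

group-policy GP-ENG internal
group-policy GP-ENG attributes
 vpn-filter value VPNFILTER-ENG

! Local users are mapped to a group policy through their user attributes.
! service-type remote-access keeps these accounts from being used for
! management access to the firewall itself.
username alice password <PLACEHOLDER>
username alice attributes
 vpn-group-policy GP-FINANCE
 service-type remote-access

username bob password <PLACEHOLDER>
username bob attributes
 vpn-group-policy GP-ENG
 service-type remote-access
```

A changed filter takes effect for a user when the VPN session is re-established, so test by reconnecting and confirming that destinations outside the permitted entries are unreachable.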

