Wondering if it's possible to send a VSA from my RADIUS server to my ASA-5505 that will instruct the ASA to use one of several split tunnel lists I have created, based on the user name supplied in the RADIUS request.
For example, I can send a VSA of "ip:inacl#1=permit ..." and the ASA will dynamically create an access-list for that user.
Is there a similar VSA for split tunnel?
ACS supports Cisco VPN 3000/ASA/PIX 7.x+ RADIUS VSAs. The vendor ID for this Cisco RADIUS Implementation is 3076.
You have to use two attributes for ASA:
Now on the ASA you have to create a network list as mentioned in the below listed document and then you have to call the name of the
In the attribute [3076\027]: you only need to define the name of the access-list that you created under network-list.
Attribute 55, IPSec-Split-Tunneling-Policy, will need to be set to Only Tunnel networks in list.
Plz rate helpful posts-
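The two attributes named in the answer, shown as they would appear on the wire in an Access-Accept (added example, not part of the original posts or of ACS). It encodes vendor 3076 attributes 27 and 55 per RFC 2865 and decodes them again, which is useful for checking a packet capture. The user names and access-list names are constructed placeholders, and the value 1 for "Only tunnel networks in list" follows Cisco's published enumeration for attribute 55.

```python
import struct

VENDOR_SPECIFIC = 26        # RFC 2865 Vendor-Specific attribute type
CISCO_VPN3000 = 3076        # vendor ID given in the answer
SPLIT_TUNNEL_LIST = 27      # [3076\027]: name of the access-list on the ASA
SPLIT_TUNNEL_POLICY = 55    # IPSec-Split-Tunneling-Policy (integer)
ONLY_TUNNEL_LISTED = 1      # "Only tunnel networks in list"

# Constructed mapping: user names and ACL names are placeholders.
USER_LISTS = {"alice": "SPLIT_ENG", "bob": "SPLIT_SALES"}

def vsa(vendor_type, value):
    """Encode one Vendor-Specific attribute carrying a single sub-attribute."""
    data = struct.pack("!I", value) if isinstance(value, int) else value.encode("ascii")
    if len(data) > 247:     # 255 minus type/len (2), vendor ID (4), sub type/len (2)
        raise ValueError("value too long for a single VSA")
    sub = struct.pack("!BB", vendor_type, len(data) + 2) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, CISCO_VPN3000) + sub

def reply_attributes(username):
    """Attribute bytes for this user's Access-Accept; empty for unmapped users."""
    acl = USER_LISTS.get(username)
    if acl is None:
        return b""          # no VSA is sent for users without a mapping
    return vsa(SPLIT_TUNNEL_LIST, acl) + vsa(SPLIT_TUNNEL_POLICY, ONLY_TUNNEL_LISTED)

def parse_vsas(buf):
    """Decode attribute bytes into (vendor_id, vendor_type, raw_value) tuples."""
    out, i = [], 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated attribute header")
        atype, alen = buf[i], buf[i + 1]
        if alen < 2 or i + alen > len(buf):
            raise ValueError("bad attribute length")
        if atype == VENDOR_SPECIFIC and alen >= 8:
            vendor = struct.unpack("!I", buf[i + 2:i + 6])[0]
            vtype, vlen = buf[i + 6], buf[i + 7]
            if vlen < 2 or 6 + vlen > alen:
                raise ValueError("bad vendor sub-attribute length")
            out.append((vendor, vtype, buf[i + 8:i + 6 + vlen]))
        i += alen
    return out

if __name__ == "__main__":
    for vendor, vtype, raw in parse_vsas(reply_attributes("alice")):
        print(vendor, vtype, raw)
```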