I have radius setup to authenticate to our ASA VPN. In the ASA I have set up multiple tunnelgroups and used the Class (25) attribute in radius to drop people into their proper tunnel groups.
This is working great
My dilemma is we are currently using split tunnel. Alot of people want a Full tunneled connection depending on where they are in the world. To avoid having to setup eperate users I was hoping to accomplish this by radius/asa somehow.
I have tried to add 2 class (25) groups within radius. and then setup the pull down in Anyconnect to select tunnel or splitunnel.
It actually gives you both groups when you authenticate. But it still will always send the split tunnel networks to the client.
Is there a way that when you connect and select the drop down (tunnel) that you will authenticate with ONLY the tunnel attributes? Any help would be great. Thanks