I have a remote VPN configured in my ASA firewall with a VPN group of users configured on the external ACS. The group called VPNASA authenticates through the ACS server and the IP pool server is on the ASA firewall. Now my boss asked me to configure a second VPN group called VPNSALES on the ACS server for the same remote VPN on the ASA firewall. How do I configure the ASA firewall to accept both groups and authenticate to the same ACS server? I have never done this before so I need help.
Thanks so much!
All that you need to do is to create another group policy and attach it to a tunnel group:
! Group policy for the sales users
group-policy vpnsales internal
group-policy vpnsales attributes
 banner value VPN access for sales team
 dns-server value x.x.x.x
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split-sales
! Tunnel group (connection profile) for the sales users
tunnel-group vpnsales type remote-access
tunnel-group vpnsales general-attributes
tunnel-group vpnsales ipsec-attributes
You will also create an attribute map named vpnsales for ACS auth.
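As an added example (not part of the original replies): a small Python check to run over `show running-config` output, confirming that each remote-access tunnel-group names an AAA server group and a group policy that exist. A tunnel-group without those lines authenticates against LOCAL and applies DfltGrpPolicy. The sample config is constructed, and `ACS_RADIUS`, `VPNPOOL` and `192.0.2.10` are placeholder names.

```python
import re

# Constructed sample of `show running-config` output (not from the thread).
# ACS_RADIUS, VPNPOOL and 192.0.2.10 are placeholder names/values.
SAMPLE_CONFIG = """\
aaa-server ACS_RADIUS protocol radius
aaa-server ACS_RADIUS (inside) host 192.0.2.10
group-policy vpnasa internal
group-policy vpnsales internal
tunnel-group vpnasa type remote-access
tunnel-group vpnasa general-attributes
 address-pool VPNPOOL
 authentication-server-group ACS_RADIUS
 default-group-policy vpnasa
tunnel-group vpnsales type remote-access
tunnel-group vpnsales general-attributes
"""

# What a tunnel-group uses when the line is absent from its general-attributes.
DEFAULTS = {"authentication-server-group": "LOCAL",
            "default-group-policy": "DfltGrpPolicy"}

def audit_tunnel_groups(config):
    """Return {tunnel-group: [findings]} for every remote-access tunnel-group."""
    defined = {"authentication-server-group": {"LOCAL"} | set(
                   re.findall(r"^aaa-server (\S+) protocol", config, re.M)),
               "default-group-policy": {"DfltGrpPolicy"} | set(
                   re.findall(r"^group-policy (\S+) (?:internal|external)", config, re.M))}
    groups = {g: {} for g in
              re.findall(r"^tunnel-group (\S+) type remote-access", config, re.M)}
    current = None
    for line in config.splitlines():
        m = re.match(r"tunnel-group (\S+) general-attributes", line)
        if m:
            current = m.group(1)
        elif not line.startswith(" "):
            current = None  # left the general-attributes sub-mode
        elif current in groups and line.strip():
            key, *rest = line.split()
            # Take the first token that is not an optional "(interface)" qualifier.
            groups[current][key] = next((t for t in rest if not t.startswith("(")), "")
    findings = {}
    for name, attrs in groups.items():
        findings[name] = [f"{k} not set, falls back to {d}"
                          for k, d in DEFAULTS.items() if k not in attrs]
        findings[name] += [f"{k} {attrs[k]} is not defined"
                           for k in DEFAULTS if k in attrs and attrs[k] not in defined[k]]
    return findings
```

On the sample, `audit_tunnel_groups(SAMPLE_CONFIG)` reports nothing for `vpnasa` and two fallbacks for `vpnsales`, whose `general-attributes` block is empty.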