Storing group-policy attributes for WebVPN on ACS 3.2

Unanswered Question
Apr 27th, 2006
I have an ASA-5510 with 7.1 with the needed SSL WebVPN client feature license. Reading through the documentation, group policies can be internal or external (stored on an AAA server).

Reading the Cisco Security Appliance Command Line Configuration Guide, version 7.1, page 514 lists WebVPN-specific group-policy attributes. There are several that I've never seen on my ACS 3.2 server.

Has anyone successfully configured group-policies on an ACS server so that they could be obtained on the fly by the supplicant from the AAA (authentication) server? I'd like to keep things centrally managed and avoid creating local group policies if at all possible.

Thanks in advance.

tclegg Thu, 04/27/2006 - 14:48
I believe I just partly answered my own question. Appendix E (page 742) states that you can use the RADIUS CLASS attribute (25) to specify the group policy.

For clarification, it sounds like the group policy must be defined locally on each box it will be applied to, but it won't be assigned to any user unless I specify it in the CLASS attribute? There's no way to define the class and store it (similar to how you can define ACLs to apply to users on the ACS) on the ACS?


