
Storing group-policy attributes for WebVPN on ACS 3.2

tclegg
Level 1

I have an ASA-5510 with 7.1 with the needed SSL WebVPN client feature license. Reading through the documentation, group policies can be internal or external (stored on an AAA server).

Reading the Cisco Security Appliance Command Line Configuration Guide, version 7.1, page 514 lists WebVPN-specific group-policy attributes. There are several that I've never seen on my ACS 3.2 server.

Has anyone successfully configured group policies on an ACS server so that they could be obtained on the fly by the supplicant from the AAA (authentication) server? I'd like to keep things centrally managed and avoid creating local group policies if at all possible.

Thanks in advance.

1 Reply

tclegg
Level 1

I believe I just partly answered my own question. Appendix E (page 742) states that you can use the RADIUS CLASS attribute (25) to specify the group policy.

For clarification, it sounds like the group policy must be defined locally on each box it will be applied to, but it won't be assigned to any user unless I specify it in the CLASS attribute? There's no way to define the class and store it (similar to how you can define ACLs to apply to users on the ACS) on the ACS?

Thanks.