Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 5.4 indentity group rule condition

Dear All,

I have upgraded from ACS 3.3 to ACS 5.4. I had ASA configured as tacacs client, with several AAA Server Groups referencing to the groups in the ACS local database and mapped groups from AD. Each group was used for diferent services, i.e Remote-Access VPN 1 referencing to group1, Auth-proxy to group2 ect. Now with the new deployment I cannot configure the same enviroment. It seems that identity groups can only be chosen as a condition in authentication policy. Do you have any suggestion?

Regards,

Ibra

1 REPLY
New Member

ACS 5.4 indentity group rule condition

According to this guide:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/policy_mod.html#wp1075731

ACS 5.x cannot use identity store elements as conditions for service access selection rules.

I solved the problem by using Radius DAP-Tunnel-Group-Name.

Regards,

Ibra

241
Views
5
Helpful
1
Replies
CreatePlease to create content