Cisco Support Community

ACS + ASA + VPN + Certificates problem

Hi CSC Team,

I'm currently struggling with a problem concerning VPN logins. To be honest, I'm not sure if this problem can be solved.

My setup looks like the following:

ACS Server 4.2 for AAA

ASA 8.2 as VPN endpoint

Cisco VPN Client

The VPN Client connects to the ASA using certificates; based on the certificate map, the ASA assigns a VPN tunnel-group, and in this tunnel-group AAA is configured using RADIUS to the ACS.

When the user is authenticated, dACLs are downloaded etc. This works perfectly.

What I now need is: if the same user logs in with another certificate, the ASA should assign a different tunnel-group and should do AAA again against the ACS server, but should then get a totally different set of dACLs.


User A - connects to ASA1 - gets tunnel-group VPNClient - AAA dACL from ACS1 = permit ip any any

User A - connects to ASA1 - gets tunnel-group Smartphone - AAA dACL from ACS1 = permit tcp any host x.x.x.x eq 80

I hope someone has an idea how to solve this; thanks in advance.
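For reference, the ASA side of the setup described above (a certificate map selecting the tunnel-group, each tunnel-group authenticating via RADIUS to ACS), as an added example that is not the poster's own configuration; the server address 10.0.0.5, the map names and the OU values are assumed. It shows the mapping mechanism only and does not itself answer how ACS returns a different dACL per tunnel-group.

```cisco
! Added illustration of the setup described in the post, not the poster's
! actual configuration. ACS1, the map names, the OU values and 10.0.0.5 are
! assumed/constructed; the tunnel-group names come from the post.

! RADIUS server group pointing at the ACS 4.2 server
aaa-server ACS1 protocol radius
aaa-server ACS1 (inside) host 10.0.0.5
 key <RADIUS-SHARED-SECRET>

! Certificate maps: which certificate fields select which tunnel-group.
! Here the OU of the client certificate distinguishes the two certificates
! the same user may present.
crypto ca certificate map VPNCLIENT_MAP 10
 subject-name attr ou eq VPNClient
crypto ca certificate map SMARTPHONE_MAP 10
 subject-name attr ou eq Smartphone

! Enable rule-based mapping and tie each map to its tunnel-group
tunnel-group-map enable rules
tunnel-group-map VPNCLIENT_MAP 10 VPNClient
tunnel-group-map SMARTPHONE_MAP 10 Smartphone

! Both tunnel-groups authenticate against the same ACS via RADIUS
tunnel-group VPNClient type remote-access
tunnel-group VPNClient general-attributes
 authentication-server-group ACS1
tunnel-group Smartphone type remote-access
tunnel-group Smartphone general-attributes
 authentication-server-group ACS1

! The dACLs themselves are not configured here: they are defined on ACS
! (Downloadable IP ACLs) and pushed in the RADIUS Access-Accept, and the
! ASA applies whichever ACL ACS returns for that session. The post wants:
!   VPNClient  : permit ip any any
!   Smartphone : permit tcp any host x.x.x.x eq 80
```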

