Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA RADIUS auth request with tunnel-group attribute

ASA version 8.4(5), AnyConnect clients, Cisco ACS 4.2

I need to pass on (inbound RADIUS attribute) to ACS what tunnel-group is being used to establish a VPN session.  I don't see this as an option anywhere ... does anyone know if this is possible?

Thanks, Jeff K

3 REPLIES

ASA RADIUS auth request with tunnel-group attribute

I believe that should be enabled by default on the ASA, however i don' remember what version this was introduced in, but it was quite recent, so maybe your 8.4.5 doesnt send the tunnel-group name in the radius request.

New Member

ASA RADIUS auth request with tunnel-group attribute

Thanks for that info Jan.  I will try a newer version and report back what I find.  Jeff K

New Member

ASA RADIUS auth request with tunnel-group attribute

I discovered the "Tunnel Group Name" attribute was added in ASA 8.4.3 ... see release notes.

It turns out our actual problem is that ACS Windows 4.x does not recognize this new attribute.

I opened a TAC case and hooked up with a great support engineer.  She found a patch (put together a while back for another customer) to update an ACS 4.x databse so it will recognizes the Tunnel Group Name attribute.

Thanks Eli!

Jeff K

543
Views
4
Helpful
3
Replies