I want to have my MS IAS RADIUS check on the connection profile that a SSL VPN user selected: Users can only authenticate for profiles that match their group membership. But a single user can be allowed to connect to more than one connection profile, so forcing a user into a profile (with the CLASS attribute in the RADIUS Access-accept) does not work.
user jdoe, member of RemoteUsers, can login on RemoteUsersProfile
user bigceo, member of RemoteUsers and of RemoteExecutives, can login on RemoteUsersProfile and on RemoteExecutiveProfile
user bofh, member of RemoteUsers and of RemoteAdmins, can login on RemoteUsersProfile and on RemoteAdminProfile
So the RADIUS needs to know on which connection profile a user wants to log into. Does anybody know where in the RADIUS request the ASA puts the selected connection profile? And how does that show up on an IAS server?
This is an interesting question. For a while I wondered about doing something similar to this. But I have not been able to find any indication that the ASA passes the chosen profile/group in the authentication request to Radius. If someone can show us that this can be done it would be helpful.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...