VPN users that are using FreeRadius have access to all VLANs. VPN users using local authentication have local ACLs applied to their access.
I need to know what configuration change I need to make (on ASA or FreeRadius) to have the same ACLs (locally configured on the ASA) applied to the FreeRadius authenticated VPN users.
FreeRadius users file configuration:
cisco   Auth-Type := System
        Service-Type = NAS-Prompt-User,
        cisco-avpair = "shell:priv-lvl=15"
Please provide me with steps and configuration examples to specify which VLANs FreeRadius VPN users can have access to.
What lines could I add to the users file to accomplish this? Do I need to specify a different service-type or auth-type? Are there any settings on the ASA to enable to enforce local ACLs for FreeRadius authenticated users?