Problems with IPsec remote access and external group policy
I have an ASA that is using ACS as the RADIUS authentication server.
My problem is with VPN remote access.
When I configure group-policy external and use this policy as the default policy for the tunnel-group (I download the VPN attributes from the ACS), the ASA shows an authentication error, saying that the username or password is not valid.
On the other hand, when I use only the command "authentication-server-group", the VPN works fine.
Does anybody know why the group-policy external command is not working? I can't find any example on cisco.com.
Re: Problems with IPsec remote access and external group policy
You have to understand the difference between the 'group-policy' and the 'tunnel-group'. Whatever you define on ACS takes care of the group-policy part. The tunnel-group part still needs to be taken care of on the ASA itself. This is how the ASA differs from the VPN Concentrator in a way. The default authentication is using the local database. To use RADIUS, you need to use the authentication-server-group command. Have a look at this link:
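The split described in the reply above, as an added ASA configuration sketch that is not part of the original thread: the tunnel-group carries both the user authentication setting and the pointer to the external group policy. The names `ACS_RADIUS`, `RA_VPN` and `EXT_POLICY`, the address `192.0.2.10` and all secrets are hypothetical placeholders.

```cisco
! Added example, not from the thread. All names, addresses and
! secrets below are placeholders.

! RADIUS server group that points at the ACS
aaa-server ACS_RADIUS protocol radius
aaa-server ACS_RADIUS (inside) host 192.0.2.10
 key <radius-shared-secret>

! Group-policy part: attributes are fetched from ACS.
! The ASA looks the policy up on the RADIUS server using the policy
! name as the username and the password given here, so ACS needs a
! matching account named EXT_POLICY holding the VPN attributes.
group-policy EXT_POLICY external server-group ACS_RADIUS password <policy-lookup-password>

! Tunnel-group part: stays on the ASA.
! (Older 7.x releases use "type ipsec-ra" instead of "type remote-access".)
tunnel-group RA_VPN type remote-access
tunnel-group RA_VPN general-attributes
 ! Without this line user authentication falls back to the LOCAL database
 authentication-server-group ACS_RADIUS
 ! Attach the externally defined policy to this tunnel-group
 default-group-policy EXT_POLICY
tunnel-group RA_VPN ipsec-attributes
 pre-shared-key <group-pre-shared-key>
```

`show running-config tunnel-group` and `show running-config group-policy` confirm that both parts are present, and `debug radius` on the ASA shows which of the two RADIUS lookups (the user or the policy name) is being rejected.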