Hello,
My goal ist to lock users into a VPN group which overrides the group the user has configured in the Cisco VPN Client. In this way, access restrictions can be applied to various groups configured on the ASA with the assurance that the users are locked into that group with the RADIUS server.
I have managed to sort of get it to work by ENFORCING the user to always use his profile via [3076\085] Tunnel-Group-Lock. The ultimate goal would be to REASSIGN the user to the correct group, allowing to deploy just one .pcf file.
Currently I end up with a disconnect:
"Tunnel Rejected: User (<user>) not member of group (<VPN group>), group-lock check failed".
All I actually need is a configuration example for an ASA instead of this one for VPN 3000 Concentrator: http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a00800946a2.shtml
Any input is greatly appreciated.
Regards
/David