Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
653
Views
0
Helpful
0
Replies

Locking Users into a ASA VPN Group using RADIUS

d.haeni
Level 4
Level 4

‎10-04-2006 07:55 AM - edited ‎02-21-2020 02:38 PM

Hello,

My goal ist to lock users into a VPN group which overrides the group the user has configured in the Cisco VPN Client. In this way, access restrictions can be applied to various groups configured on the ASA with the assurance that the users are locked into that group with the RADIUS server.

I have managed to sort of get it to work by ENFORCING the user to always use his profile via [3076\085] Tunnel-Group-Lock. The ultimate goal would be to REASSIGN the user to the correct group, allowing to deploy just one .pcf file.

Currently I end up with a disconnect:

"Tunnel Rejected: User (<user>) not member of group (<VPN group>), group-lock check failed".

All I actually need is a configuration example for an ASA instead of this one for VPN 3000 Concentrator: http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a00800946a2.shtml

Any input is greatly appreciated.

Regards

/David

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents