Storing group-policy attributes for WebVPN on ACS 3.2
I have an ASA-5510 with 7.1 with the needed SSL WebVPN client feature license. Reading through the documentation, group policies can be internal or external (stored on an AAA server).
Reading the Cisco Security Appliance Command Line Configuration Guide, version 7.1, page 514 lists WebVPN-specific group-policy attributes. There are several that I've never seen on my ACS 3.2 server.
Has anyone successfully configured group policies on an ACS server so that they could be obtained on-the-fly by the supplicant from the AAA (authentication) server? I'd like to keep things centrally managed and avoid creating local group policies if at all possible.
Re: Storing group-policy attributes for WebVPN on ACS 3.2
I believe I just partly answered my own question. Appendix E (page 742) states that you can use the RADIUS CLASS attribute (25) to specify the group policy.
For clarification, it sounds like the group policy must be defined locally on each box it will be applied to, but it won't be assigned to any user unless I specify it in the CLASS attribute? There's no way to define the class and store it (similar to how you can define ACLs to apply to users on the ACS) on the ACS?