Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Storing group-policy attributes for WebVPN on ACS 3.2

I have an ASA-5510 with 7.1 with the needed SSL WebVPN client feature license. Reading through the documentation, group policies can be internal or external (stored on an AAA server).

Reading the Cisco Security Appliance Command Line Configuration Guide, version 7.1, page 514 lists WebVPN-specific group-policy attributes. There are several that I've never seen on my ACS 3.2 server.

Has anyone successfully configured group-policies on an ACS server so that it could be obtained on-the-fly by the supplicant from the AAA (authentication) server? I'd like to keep things centrally managed and avoid creating local group policies if at all possible.

Thanks in advance.

Community Member

Re: Storing group-policy attributes for WebVPN on ACS 3.2

I believe I just partly answered my own question. Appendix E (page 742) states that you can use the RADIUS CLASS attribute (25) to specify the group policy.

For clarification, it sounds like the group policy must be defined locally on each box it will be applied to, but it won't be assigned to any user unless I specify it in the CLASS attribute? There's no way to define the class and store it (similar to how you can define ACLs to apply to users on the ACS) on the ACS?


CreatePlease to create content