New Member

AnyConnect AAA -> determine group policy with RADIUS or TACACS+

We've got a 5510 SecPlus (actually a pair) and I'm configuring new Active Directory backed VPN services using Aruba ClearPass Policy Manager. CPPM lets me send arbitrary TACACS or RADIUS attributes based on the LDAP attributes in AD. So what I'd like to know is: can I configure the Connection Profile to assign a group policy dynamically based on what the auth server kicks back?

I'm fairly certain I could map certain users to certain connection profiles and have my users select the appropriate connection profile from the drop-down, then restrict access to each connection profile with ClearPass. It'd be much more elegant if I could have a single connection profile with a dynamically selected group policy.

ASA 8.0.2

Cisco Employee

Well, the connection profile can be assigned dynamically from the RADIUS server with a backend database as AD/LDAP?

What protocol are you using between ASA and Authentication server?

Can you reply with ASA's running configuration?

Do update which authentication server you are using, Aruba?

Jatin Katyal

**Do rate helpful posts**
