Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1311
Views
0
Helpful
1
Replies

Anyconnect AAA -> determine group policy with RADIUS or TACACS+

stephen.crim
Level 1
Level 1

‎09-16-2013 03:17 PM - edited ‎02-21-2020 07:09 PM

We've got a 5510 SecPlus (actually a pair) and I'm configuring new active directory backed VPN services using Aruba Clearpass Policy Manager. CPPM lets me send arbitrary tacacs or radius attributes based on the LDAP attributes in AD. So what I'd like to know is: can I configure the Connection Profile to assign a group policy dynamically based on what the auth server kicks back?

I'm fairly certain I could map certain users to certain connection profiles and have my users select the appropriate connection profile from the drop down, then restrict access to each connection profile with clearpass. It'd be much more elegant if I could have a single connection profile with a dynamically selected group policy.

ASA 8.0.2

Labels:
0 Helpful
1 Reply 1

Jatin Katyal
Cisco Employee
Cisco Employee

‎09-16-2013 06:26 PM

Well connection profile can be assisned dynamically from radius server with backend database as AD/LDAP?

What protocol are you using between ASA and Authentication server?

Can you reply with ASA's running configuration?

Do update what authentication server are you using, aruba?

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents