Mapping Split tunnel list value from Radius (ACS) to ASA for remote access VPN.
Hello all, I am trying to replace a VPN3000 with an ASA (8.4) for remote access. We use Cisco ACS for authorization and accounting, and RSA for authorization.
On the VPN3000 we were able to pass the Split-Tunnel list to restrict users' access to only specified IPs.
I am trying to replicate the same on the ASA. I understand that I can create access-lists that will limit user access, and I am trying to understand how to assign an access list to the user based on the Radius attribute - [3076\027] IPSec-Split-Tunnel-List.
Is this done using the Dynamic Access Policy?
How do I assign the Radius Attribute of the IPSec-Split-Tunnel-List to the dynamic policy?
I found out that for Dynamic Access Policy the Radius attribute equals 4096 + RADIUS ID. So I configured DAP to look for Radius attribute of 4123 (4096+27 which is the value for IPSec Split Tunnel in Radius). But testing it with Remote Access VPN there is no split tunneling.
The question is how do I apply this Dynamic Access policy to the remote vpn users?