Multiple VPN groups on the ASA firewall

jeanaguemon
Level 1

I have a remote VPN configured in my ASA firewall with a VPN group of users configured on the external ACS. The group called VPNASA authenticates through the ACS server and the IP pool server is on the ASA firewall. Now my boss asked me to configure a second VPN group called VPNSALES on the ACS server for the same remote VPN on the ASA firewall. How do I configure the ASA firewall to accept both groups and authenticate to the same ACS server? I have never done this before so I need help.

Thanks so much!

terrygwazdosky
Level 1

You can create separate tunnel groups and policies on the ASA. If you are managing all restrictions on the ACS then you don't really need to do this.

I have 2 VPN groups on my ASA. "VPN" is for regular users and "NetOps" is for engineers. I also have several groups on the ACS and manage restrictions with downloadable access lists.

manish arora
Level 6

Hi,

All that you need to do is create another group policy and attach it to a tunnel group:

    ! Group policy for the sales users
    group-policy vpnsales internal
    group-policy vpnsales attributes
     banner value VPN access for sales team
     dns-server value x.x.x.x
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value split-sales
     address-pools value sales-pool
     default-domain value mydomain.com
    ! Tunnel group that authenticates against the AAA server group and applies the policy
    tunnel-group vpnsales type remote-access
    tunnel-group vpnsales general-attributes
     authentication-server-group vpnsales
     default-group-policy vpnsales
    tunnel-group vpnsales ipsec-attributes
     pre-shared-key @@@@

You will also create an attribute map named vpnsales for ACS auth.

Thanks

Manish

Thanks. That did the trick and it is working. Thanks a lot!!
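The accepted answer refers to a pool, a split-tunnel ACL and an AAA server group without defining them, and does not show what keeps the two groups apart once they share one ACS server. The fragment below is an added example, not configuration posted in the thread. It assumes an AAA server group named ACS, an existing tunnel group and group policy named VPNASA, ACS returning RADIUS Class (attribute 25) per ACS group, and constructed addresses, ranges and key placeholders.

```cisco
! Added example: ACS, VPNASA, all addresses and the key are assumed placeholders.
!
! One RADIUS server group pointing at the ACS server, shared by both tunnel groups
aaa-server ACS protocol radius
aaa-server ACS (inside) host 192.0.2.10
 key <radius-shared-secret>
!
! Objects the vpnsales group policy refers to
ip local pool sales-pool 198.51.100.10-198.51.100.100 mask 255.255.255.0
access-list split-sales standard permit 10.20.0.0 255.255.0.0
!
! group-lock rejects a session whose assigned policy names a different tunnel
! group than the one the client connected to. It only separates the two groups
! when ACS returns each user's own policy in RADIUS Class (attribute 25), for
! example OU=vpnsales; for the sales group. Without that attribute every user
! simply receives the default policy of whichever tunnel group they chose.
group-policy VPNASA attributes
 group-lock value VPNASA
group-policy vpnsales attributes
 group-lock value vpnsales
!
! Both tunnel groups authenticate against the same server group
tunnel-group VPNASA general-attributes
 authentication-server-group ACS
tunnel-group vpnsales general-attributes
 authentication-server-group ACS
 default-group-policy vpnsales
```

Tunnel group names are case-sensitive, so the group-lock value and the name in the Class attribute must match the configured names exactly.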
