Cisco Support Community
New Member

Multiple VPN groups on the ASA firewall

I have a remote VPN configured in my ASA firewall with a VPN group of users configured on the external ACS. The group called VPNASA authenticates through the ACS server and the IP pool server is on the ASA firewall. Now my boss asked me to configure a second VPN group called VPNSALES on the ACS server for the same remote VPN on the ASA firewall. How do I configure the ASA firewall to accept both groups and authenticate to the same ACS server? I have never done this before so I need help.

Thanks so much!

Accepted Solutions

Re: Multiple VPN groups on the ASA firewall

Hi,

All that you need to do is to create another group policy and attach it to a tunnel group:

! Group policy for the sales VPN users
group-policy vpnsales internal
group-policy vpnsales attributes
 banner value VPN access for sales team
 dns-server value x.x.x.x
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split-sales
 address-pools value sales-pool
 default-domain value mydomain.com
! Tunnel group that applies the policy and points at the AAA server group
tunnel-group vpnsales type remote-access
tunnel-group vpnsales general-attributes
 authentication-server-group vpnsales
 default-group-policy vpnsales
tunnel-group vpnsales ipsec-attributes
 pre-shared-key @@@@

You will also create an attribute map named vpnsales for ACS auth.

Thanks

Manish
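The commands in the answer above name an address pool (sales-pool), a split-tunnel ACL (split-sales) and an AAA server group (vpnsales) that must already exist on the ASA. The following check is an added example, not part of the original post or any Cisco tool: it scans a saved copy of the configuration and reports group-policy and tunnel-group lines that reference an undefined object. The sample config, the `ACS` server-group name and `vpnasa-pool` are constructed for illustration.

```python
import re

# Constructed sample: the answer's vpnsales objects, with their pool, ACL and AAA group undefined.
SAMPLE_CONFIG = """\
ip local pool vpnasa-pool 10.10.10.1-10.10.10.254 mask 255.255.255.0
aaa-server ACS protocol radius
group-policy vpnsales internal
group-policy vpnsales attributes
 split-tunnel-network-list value split-sales
 address-pools value sales-pool
tunnel-group vpnsales type remote-access
tunnel-group vpnsales general-attributes
 authentication-server-group vpnsales
 default-group-policy vpnsales
"""

# Top-level commands that define a named object: regex -> object kind
DEFINITIONS = {
    r"^ip local pool (\S+)": "pool",
    r"^access-list (\S+) ": "acl",
    r"^aaa-server (\S+) protocol": "aaa-server",
    r"^group-policy (\S+) (?:internal|external)": "group-policy",
}
# Indented sub-mode commands that reference a named object: regex -> object kind
REFERENCES = {
    r"^\s+split-tunnel-network-list value (.+)": "acl",
    r"^\s+address-pools? (?:value )?(.+)": "pool",
    r"^\s+authentication-server-group (.+)": "aaa-server",
    r"^\s+default-group-policy (.+)": "group-policy",
}

def dangling_references(config):
    """Return (parent command, kind, name) for each reference to an undefined object."""
    lines = config.splitlines()
    defined = {(kind, m.group(1)) for line in lines
               for pattern, kind in DEFINITIONS.items()
               if (m := re.match(pattern, line))}
    missing, parent = [], ""
    for line in lines:
        if not line.startswith(" "):
            parent = line.strip()  # top-level command that opens the sub-mode
            continue
        for pattern, kind in REFERENCES.items():
            m = re.match(pattern, line)
            for name in (m.group(1).split() if m else []):
                # LOCAL is the built-in user database; "(outside)" is an interface tag
                if name != "LOCAL" and not name.startswith("(") and (kind, name) not in defined:
                    missing.append((parent, kind, name))
    return missing
```

An empty list means every pool, ACL, AAA server group and group policy referenced by the VPN groups is defined in the same configuration.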

3 REPLIES
New Member

Re: Multiple VPN groups on the ASA firewall

You can create separate tunnel groups and policies on the ASA. If you are managing all restrictions on the ACS then you don't really need to do this.

I have 2 VPN groups on my ASA. "VPN" is for regular users and "NetOps" is for engineers. I also have several groups on the ACS and manage restrictions with downloadable access lists.

New Member

Re: Multiple VPN groups on the ASA firewall

Thanks. That did the trick and it is working. Thanks a lot!!
