VPN client to ASA authenticating to ACS

Hi,

I need some assistance with configuring the ASA to authenticate users to the groups already created on ACS. Currently working with PIX 6.3.5, but am struggling with ASA 5520 7.2.1. No hits showing on ACS server either.

The config at current applicable to this is as follows:

aaa-server VPN_AUTH protocol radius
aaa-server VPN_AUTH host 172.19.17.222
 timeout 5
 key *****
!
tunnel-group Group_AF type ipsec-ra
tunnel-group Group_AF general-attributes
 address-pool AF_IP_Pool
 authentication-server-group (inside) VPN_AUTH
 default-group-policy Group_AF
 authorization-required

Thanks

David

Re: VPN client to ASA authenticating to ACS

Hi David

I'm not sure if this answers your question. However you can specify the Group Policy on the ASA the VPN user receives upon login by using IETF RADIUS attribute "025 Class" under the ACS group configuration.

The correct syntax is "OU=VPNpolicyname;". You must include the ";" on the end.

I've used this method to define differing VPN policies based upon ACS group membership.

I hope this helps.

Regards

Leon
