VPN with multiple authentication servers

I have some questions about the possibilities of the Cisco ASA.

I'm working in a large organization and I need to implement an IPSec VPN solution. Our organization works with a few other large organizations, and users of the other organizations must have access to our VPN solution. For authentication we thought about placing a RADIUS server that forwards the user credentials to our LDAP server, or to the RADIUS server of the other organizations. We are thinking of placing @organization so that the RADIUS server knows to which authentication server to forward the request.

Configuring this is not a problem, but we would like the RADIUS (no ACS) server to send back to the ASA which organization (group) the user belongs to, so that we can configure groups on the ASA, and so that the users get a specific IP address that belongs to that group.

So my question is: does the ASA understand a group sent back from the RADIUS server, so that we can locally configure groups with their policies?

Or can anyone give me other advice?


Re: VPN with multiple authentication servers

You can make the user authenticate to the RADIUS server and map the RADIUS group to an ASA group. Let's say you want to lock a user abc123 into group Employee. Then on the RADIUS server define IETF attribute 25 Class "OU=RemotePolicy;" for this user. Basically the OU sets the group policy for this user, and in the group policy you lock the user into the tunnel-group that you want.
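The ASA side of the mapping described in the answer above, as an added example that is not part of the original thread. The pool, AAA server group, address and key are constructed placeholders; `RemotePolicy` and `Employee` are the names used in the answer; the `NOACCESS` fallback policy is an assumption added so that a reply without a Class attribute gets no session. IPsec and pre-shared-key settings for the tunnel-group are omitted.

```cisco
! Constructed example: pool name, server group, IP addresses and key are placeholders.
ip local pool POOL_EMPLOYEE 10.10.10.1-10.10.10.254 mask 255.255.255.0

! RADIUS server that proxies to LDAP or to the partner organizations
aaa-server RADIUS_VPN protocol radius
aaa-server RADIUS_VPN (inside) host 192.0.2.10
 key <shared-secret>

! Fallback policy (assumption): applied when the Access-Accept carries no
! Class attribute, so an unmapped user cannot open a session.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0

! Applied when the Access-Accept carries IETF attribute 25 Class "OU=RemotePolicy;"
group-policy RemotePolicy internal
group-policy RemotePolicy attributes
 vpn-simultaneous-logins 3
 ! Users with this policy may only connect through tunnel-group Employee
 group-lock value Employee
 ! Addresses for this group come from its own pool
 address-pools value POOL_EMPLOYEE

tunnel-group Employee type remote-access
tunnel-group Employee general-attributes
 authentication-server-group RADIUS_VPN
 default-group-policy NOACCESS
```

Each additional organization gets its own pool and group-policy, with the RADIUS server returning the matching `OU=` value in the Class attribute.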
