Author Topic: ASA AnyConnect Tunnel Policy Selection for ISE Radius  (Read 10033 times)

rthurber

  • Guest
ASA AnyConnect Tunnel Policy Selection for ISE Radius
« on: August 18, 2013, 01:38:35 PM »
I'm trying to figure out how to provide unique tunnel policies based on Active Directory groups. I have ASA pointing AnyConnect VPN users to ISE for Radius. In Radius, Authentication is working fine. And I have an Authorization Policy that allows users of an AD group to gain access, but I need to have 2 or more authorization policies that allow access based on groups. Those Authorizations would then be assigned to unique tunnel policies on the ASA.
« Last Edit: August 18, 2013, 02:24:23 PM by Administrator »

Offline cisco

  • Cisco Intermediate User
  • ***
  • Posts: 4
  • Reputation: 146
  • Certification: CCNP
Re: ASA AnyConnect Tunnel Policy Selection for ISE Radius
« Reply #1 on: August 18, 2013, 01:47:21 PM »
If I understand your question, I think you need to set a Radius attribute (Class 25) under the individual rule's Authorization profile. To do this you'll need to do a couple of things:
- Create a custom Radius Dictionary for Class 25
- Create a new Authorization Profile (similar to "PermitAccess", but in addition to permit, you will also set the AnyConnect user's VPN tunnel policy via the "OU=TunnelPolicyName" attribute)

Let me know if you have any questions. And by the way....

YOUUURRR~~ WELCOME!! j/k
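
The reply above maps each ISE authorization profile to an ASA tunnel policy through the Class (25) value "OU=TunnelPolicyName". The following is an added example, not part of the original post: a small check that every Class value returned by ISE names a group-policy that actually exists in the ASA configuration. The config excerpt, profile names and group-policy names are constructed for illustration, and the optional trailing semicolon and exact-case comparison are assumptions.

```python
import re

# Constructed sample: excerpt of an ASA running-config (all names hypothetical).
ASA_CONFIG = """\
group-policy GP-NOACCESS internal
group-policy GP-NOACCESS attributes
 vpn-simultaneous-logins 0
group-policy GP-ENGINEERING internal
group-policy GP-ENGINEERING attributes
 vpn-tunnel-protocol ssl-client
group-policy GP-FINANCE internal
group-policy GP-FINANCE attributes
 vpn-tunnel-protocol ssl-client
tunnel-group ANYCONNECT general-attributes
 default-group-policy GP-NOACCESS
"""

# Constructed sample: Class (25) value configured in each ISE authorization profile.
ISE_PROFILES = {
    "VPN-Engineering": "OU=GP-ENGINEERING;",
    "VPN-Finance": "OU=GP-FINANCE",
    "VPN-Contractors": "OU=GP-CONTRACTOR;",   # typo: no such group-policy on the ASA
    "VPN-Helpdesk": "GP-ENGINEERING",          # missing the OU= prefix
}

def asa_group_policies(config):
    """Return the group-policy names declared in an ASA configuration."""
    pattern = r"^group-policy (\S+) (?:internal|external)\b"
    return set(re.findall(pattern, config, re.M))

def class_to_policy(value):
    """Extract the policy name from 'OU=<name>' (trailing ';' optional), else None."""
    m = re.fullmatch(r"OU=([^;\s]+);?", value.strip(), re.I)
    return m.group(1) if m else None

def audit(config, profiles):
    """Map each problematic ISE profile to the reason its Class value will not match."""
    defined = asa_group_policies(config)
    findings = {}
    for profile, value in profiles.items():
        name = class_to_policy(value)
        if name is None:
            findings[profile] = "Class value is not in OU=<name> form"
        elif name not in defined:   # exact comparison (assumption: case-sensitive)
            findings[profile] = f"no group-policy named {name} on the ASA"
    return findings

if __name__ == "__main__":
    for profile, reason in audit(ASA_CONFIG, ISE_PROFILES).items():
        print(f"{profile}: {reason}")
```

The sample tunnel-group points its default group-policy at a policy that permits no logins, so a user whose authorization result carries no usable Class value does not inherit a broader policy by accident.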

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 398
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: ASA AnyConnect Tunnel Policy Selection for ISE Radius
« Reply #2 on: August 18, 2013, 05:59:34 PM »
If I understand your question, I think you need to set a Radius attribute (Class 25) under the individual rule's Authorization profile. To do this you'll need to do a couple of things:
- Create a custom Radius Dictionary for Class 25
- Create a new Authorization Profile (similar to "PermitAccess", but in addition to permit, you will also set the AnyConnect user's VPN tunnel policy via the "OU=TunnelPolicyName" attribute)

Let me know if you have any questions. And by the way....

YOUUURRR~~ WELCOME!! j/k

Thanks for the solution

 
