collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?
« previous next »
Pages: [1]

Author Topic: ASA AnyConnect Tunnel Policy Selection for ISE Radius  (Read 26740 times)

rthurber

  • Guest
ASA AnyConnect Tunnel Policy Selection for ISE Radius
« on: August 18, 2013, 01:38:35 PM »
I'm trying to figure out how to provide unique tunnel policies based on Active Directory groups. I have ASA pointing AnyConnect VPN users to ISE for Radius. In Radius, Authentication is working fine. And I have a Authorization Policy that allows users of a AD group to gain access, but I need to have 2 or moth authorization policies that allow access based on groups. Those Authorizations would then be assigned to unique tunnel policies on the ASA.
« Last Edit: August 18, 2013, 02:24:23 PM by Administrator »
Logged

Offline cisco

  • Cisco Intermediate User
  • ***
  • Posts: 4
  • Reputation: 146
  • Certification: CCNP
Re: ASA AnyConnect Tunnel Policy Selection for ISE Radius
« Reply #1 on: August 18, 2013, 01:47:21 PM »
If I understand your question, I think you need to set a Radius attribute (Class 25) under the individual rules Authorization profile. To do this you'll need to do a couple of things:
- Create a custom Radius Diction for Class 25
- Create a new Authorization Profile (similar to "PermitAccess" but in additional to permit, you will also set the AnyConnect users VPN tunnel policy via the "OU=TunnelPolicyName" attribute

Let me know if you have any questions. And by the way....

YOUUURRR~~ WELCOME!! j/k
Logged

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: ASA AnyConnect Tunnel Policy Selection for ISE Radius
« Reply #2 on: August 18, 2013, 05:59:34 PM »
You are not allowed to view links. Register or Login
If I understand your question, I think you need to set a Radius attribute (Class 25) under the individual rules Authorization profile. To do this you'll need to do a couple of things:
- Create a custom Radius Diction for Class 25
- Create a new Authorization Profile (similar to "PermitAccess" but in additional to permit, you will also set the AnyConnect users VPN tunnel policy via the "OU=TunnelPolicyName" attribute

Let me know if you have any questions. And by the way....

YOUUURRR~~ WELCOME!! j/k

Thanks for the solution
Logged
Pages: [1]
« previous next »
 

Related Topics

  Subject / Started by Replies Last post
2 Replies
15673 Views 		Last post October 09, 2014, 12:55:10 AM
by ModSheVit
1 Replies
13993 Views 		Last post August 05, 2015, 05:53:50 AM
by MC
1 Replies
34097 Views 		Last post January 02, 2018, 04:54:56 AM
by MC
3 Replies
52736 Views 		Last post January 23, 2024, 10:45:24 PM
by MC
3 Replies
65482 Views 		Last post April 21, 2024, 09:13:05 PM
by MC

SimplePortal 2.3.7 © 2008-2024, SimplePortal