https://community.cisco.com/t5/network-access-control/ssl-vpn-authentication-using-different-identity-sources/m-p/2213356#M112201 <HTML><HEAD></HEAD><BODY><P>Retracted the previous statement. Yes that makes sense now.<BR />Thanks for that</P><P></P><P>Si</P></BODY></HTML> Tue, 25 Jun 2013 13:31:00 GMT Si 2013-06-25T13:31:00Z https://community.cisco.com/t5/network-access-control/ssl-vpn-authentication-using-different-identity-sources/m-p/2213354#M112196 <P>Morning,</P><P></P><P>At the moment we have setup SSL vpns that pass security to ACS. This is acomplished using strong authentication. On ACS the </P><P>Identity Sources Sequence&nbsp; is <SPAN style="font-size: 10pt;">OTP then AD.</SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P>We would like to setup on the same firewall a select few users that just abide by AD authentication, these will have a different tunnel group name etc when making the connection<SPAN style="font-size: 10pt;">.</SPAN></P><P></P><P><SPAN style="font-size: 10pt;">On ACS im not sure how i would setup two Identidy Sources Sequence to this effect using the same&nbsp; Service Selection Rule. At the moment i have IF RADIUS and IP is XXX then use XXX policy</SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P>We are currently installed ISE so in the not to distant future is ACS cannot do this can ISE?<BR />If this is confusing i can expand were nesscessary<BR />Thanks</P><P>S</P> Mon, 11 Mar 2019 03:35:01 GMT https://community.cisco.com/t5/network-access-control/ssl-vpn-authentication-using-different-identity-sources/m-p/2213354#M112196 Si 2019-03-11T03:35:01Z https://community.cisco.com/t5/network-access-control/ssl-vpn-authentication-using-different-identity-sources/m-p/2213355#M112198 <HTML><HEAD></HEAD><BODY><P> hi,</P><P></P><P>I don't remember how it looked like on ACS but on ISE its quite flexible</P><P>so the rule is simple</P><P>if the radius request comes forma ASA device type then check tunnel-group-name attribute (146) and accourding to string value choose LOCAL or AD store. </P><P><IMG src="http://supportforums.cisco.com/sites/default/files/legacy/4/3/1/143134-ScreenShot481.jpg" class="jive-image" /></P><P></P><P>hope this helps</P><P></P><P>regards</P></BODY></HTML> Tue, 25 Jun 2013 13:15:21 GMT https://community.cisco.com/t5/network-access-control/ssl-vpn-authentication-using-different-identity-sources/m-p/2213355#M112198 Przemyslaw Konitz 2013-06-25T13:15:21Z https://community.cisco.com/t5/network-access-control/ssl-vpn-authentication-using-different-identity-sources/m-p/2213356#M112201 <HTML><HEAD></HEAD><BODY><P>Retracted the previous statement. Yes that makes sense now.<BR />Thanks for that</P><P></P><P>Si</P></BODY></HTML> Tue, 25 Jun 2013 13:31:00 GMT https://community.cisco.com/t5/network-access-control/ssl-vpn-authentication-using-different-identity-sources/m-p/2213356#M112201 Si 2013-06-25T13:31:00Z