https://community.cisco.com/t5/network-access-control/using-multiple-aaa-group-policies/m-p/1631954#M305903 <HTML><HEAD></HEAD><BODY><P>hmmm...</P><P></P><P>so u r saying you want to lock the user in a tunnel group? you can push the group-lock attribute in that case.</P><P></P><P>or is it like you want to push more than one group-policy to a user? if so, then i don't think you can do that. i.e. assign multiple group-policy to a user connecting to a tunnel-group is not possible.</P><P></P><P>how many tunnel-groups you have? and what is it exactly that you want to achieve?</P><P></P><P>Regards,</P><P>Anisha</P><P></P><P>P.S.: Please mark this thread as resolved if you feel your query is answered.</P></BODY></HTML> Thu, 27 Jan 2011 13:46:51 GMT andamani 2011-01-27T13:46:51Z https://community.cisco.com/t5/network-access-control/using-multiple-aaa-group-policies/m-p/1631953#M305859 <P>I am using the IETF class 25 option on ACS 4.x for VPN access. It's working well but I'd like to the best way to assign mutiple policies for a group.</P><P></P><P>For example I'd like to give group A users only IPSEC access and group B users IPSEC and SSL. IPSEC access will be indentical so I prefer not to create another profile and share the policy name.</P><P></P><P>Thanks</P> Mon, 11 Mar 2019 00:45:27 GMT https://community.cisco.com/t5/network-access-control/using-multiple-aaa-group-policies/m-p/1631953#M305859 patrickdonlon 2019-03-11T00:45:27Z https://community.cisco.com/t5/network-access-control/using-multiple-aaa-group-policies/m-p/1631954#M305903 <HTML><HEAD></HEAD><BODY><P>hmmm...</P><P></P><P>so u r saying you want to lock the user in a tunnel group? you can push the group-lock attribute in that case.</P><P></P><P>or is it like you want to push more than one group-policy to a user? if so, then i don't think you can do that. i.e. assign multiple group-policy to a user connecting to a tunnel-group is not possible.</P><P></P><P>how many tunnel-groups you have? and what is it exactly that you want to achieve?</P><P></P><P>Regards,</P><P>Anisha</P><P></P><P>P.S.: Please mark this thread as resolved if you feel your query is answered.</P></BODY></HTML> Thu, 27 Jan 2011 13:46:51 GMT https://community.cisco.com/t5/network-access-control/using-multiple-aaa-group-policies/m-p/1631954#M305903 andamani 2011-01-27T13:46:51Z https://community.cisco.com/t5/network-access-control/using-multiple-aaa-group-policies/m-p/1631955#M305938 <HTML><HEAD></HEAD><BODY><P>I've a number of groups currently working fine with group lock enabled but for IPsec VPN. What I want to do is allow groups of users within these groups access to SSL VPN. So for example if Group A has access to IPsec already, I'd like to have a subnet of&nbsp; Group A have access to SSL.</P><P></P><P>I can share the policy names between the different type of access but would like to avoid this if possible, as I would have to create more IPsec groups, thanks</P></BODY></HTML> Thu, 27 Jan 2011 14:43:45 GMT https://community.cisco.com/t5/network-access-control/using-multiple-aaa-group-policies/m-p/1631955#M305938 patrickdonlon 2011-01-27T14:43:45Z https://community.cisco.com/t5/network-access-control/using-multiple-aaa-group-policies/m-p/1631956#M306000 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>The requirement is still not clear to me.</P><P></P><P>Are you talking regarding the feature "vpn-tunnel-protocol Ipsec webvpn" defined under the group-policy.</P><P></P><P>will the tunnel-groups be same or different?</P><P></P><P>Regards,<BR />Anisha</P></BODY></HTML> Fri, 28 Jan 2011 01:28:13 GMT https://community.cisco.com/t5/network-access-control/using-multiple-aaa-group-policies/m-p/1631956#M306000 andamani 2011-01-28T01:28:13Z