https://community.cisco.com/t5/network-access-control/assign-vpn-group-policy-via-radius-and-microsoft-nps-server/m-p/1254476#M373386 <HTML><HEAD></HEAD><BODY><P>Yes, this works just fine with Microsoft NPS.&nbsp; In a nutshell, you tell NPS to return the radius attribute 25 (It's called "Class") and assign it the value of <EM>ou=MyVPNGroupPolicy</EM>&nbsp; where MyVPNGroupPolicy is the name of your group policy in the ASA.</P><P></P><P>I want to say this option is under the standard radius attributes on one of the last configuration screens of the wizard.&nbsp; You do NOT need to configure this using an LDAP setup, you can continue to use NPS, just like you did IAS.</P></BODY></HTML> Thu, 15 Jul 2010 02:58:51 GMT Peter Noble 2010-07-15T02:58:51Z https://community.cisco.com/t5/network-access-control/assign-vpn-group-policy-via-radius-and-microsoft-nps-server/m-p/1254474#M373312 <P>Hi there,</P><P></P><P>I'm using Microsoft Network Policy server (formerly known as IAS server) for Radius Authentication. Is there a way to configure NPS so it will assign a VPN Group Policy on the ASA? Basically, I'd like to create multiple VPN group policies for different types of users and assign them via AD groups so when the user logs in to the VPN they get the Policy designed for them.</P><P></P><P>Thanks in advance,</P><P></P><P>--Brandon</P> Sun, 10 Mar 2019 23:34:14 GMT https://community.cisco.com/t5/network-access-control/assign-vpn-group-policy-via-radius-and-microsoft-nps-server/m-p/1254474#M373312 branfarm1 2019-03-10T23:34:14Z https://community.cisco.com/t5/network-access-control/assign-vpn-group-policy-via-radius-and-microsoft-nps-server/m-p/1254475#M373359 <HTML><HEAD></HEAD><BODY><P>See the below config example:-</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml</A></P><P></P><P>HTH&gt;</P></BODY></HTML> Tue, 30 Jun 2009 08:00:14 GMT https://community.cisco.com/t5/network-access-control/assign-vpn-group-policy-via-radius-and-microsoft-nps-server/m-p/1254475#M373359 andrew.prince 2009-06-30T08:00:14Z https://community.cisco.com/t5/network-access-control/assign-vpn-group-policy-via-radius-and-microsoft-nps-server/m-p/1254476#M373386 <HTML><HEAD></HEAD><BODY><P>Yes, this works just fine with Microsoft NPS.&nbsp; In a nutshell, you tell NPS to return the radius attribute 25 (It's called "Class") and assign it the value of <EM>ou=MyVPNGroupPolicy</EM>&nbsp; where MyVPNGroupPolicy is the name of your group policy in the ASA.</P><P></P><P>I want to say this option is under the standard radius attributes on one of the last configuration screens of the wizard.&nbsp; You do NOT need to configure this using an LDAP setup, you can continue to use NPS, just like you did IAS.</P></BODY></HTML> Thu, 15 Jul 2010 02:58:51 GMT https://community.cisco.com/t5/network-access-control/assign-vpn-group-policy-via-radius-and-microsoft-nps-server/m-p/1254476#M373386 Peter Noble 2010-07-15T02:58:51Z https://community.cisco.com/t5/network-access-control/assign-vpn-group-policy-via-radius-and-microsoft-nps-server/m-p/4119853#M561739 <P>I did like you said with multiple group policy name in an ASA 5512. But my problem is that any user from AD can log in any group even if they are not in the group in AD. Please help</P> Thu, 16 Jul 2020 12:19:41 GMT https://community.cisco.com/t5/network-access-control/assign-vpn-group-policy-via-radius-and-microsoft-nps-server/m-p/4119853#M561739 yvesneptune 2020-07-16T12:19:41Z