https://community.cisco.com/t5/network-access-control/asa-anyconnect-connection-profiles-with-radius-restrict-access/m-p/2822365#M40442 <P>Solved the problem by using DAP and LDAP authentication servers instead of RADIUS/NPS.</P> <P>Although, I still would be interested in a solution for when using RADIUS authentication.</P> Thu, 11 Feb 2016 13:19:31 GMT tgregorics 2016-02-11T13:19:31Z https://community.cisco.com/t5/network-access-control/asa-anyconnect-connection-profiles-with-radius-restrict-access/m-p/2822364#M40441 <P>Hi,</P> <P></P> <P>We have a working setup of ASA AnyConnect with RADIUS authentication. The RADIUS server is an NPS running on Windows.</P> <P>We need to be able to restrict users to separate connection profiles (or group policies), via RADIUS and windows AD groups. I think we can do this with radius attribute 25.</P> <P>My question: if a user must have access to multiple connection profiles/group policies, how can we solve it? I think, NPS would match the first network policy with the AD group membership and would return only one attribute 25.</P> <P></P> <P>Thank you.</P> Mon, 11 Mar 2019 06:28:47 GMT https://community.cisco.com/t5/network-access-control/asa-anyconnect-connection-profiles-with-radius-restrict-access/m-p/2822364#M40441 tgregorics 2019-03-11T06:28:47Z https://community.cisco.com/t5/network-access-control/asa-anyconnect-connection-profiles-with-radius-restrict-access/m-p/2822365#M40442 <P>Solved the problem by using DAP and LDAP authentication servers instead of RADIUS/NPS.</P> <P>Although, I still would be interested in a solution for when using RADIUS authentication.</P> Thu, 11 Feb 2016 13:19:31 GMT https://community.cisco.com/t5/network-access-control/asa-anyconnect-connection-profiles-with-radius-restrict-access/m-p/2822365#M40442 tgregorics 2016-02-11T13:19:31Z