https://community.cisco.com/t5/network-access-control/remote-access-vpn-with-ise/m-p/2825181#M41048 <P>Hi Philip,</P> <P>Good Day!</P> <P>Just to clarify, I will used this attribute as the condition in my authorization rule right in ISE?</P> <P>Thanks</P> Tue, 12 Jan 2016 05:23:57 GMT fatalXerror 2016-01-12T05:23:57Z https://community.cisco.com/t5/network-access-control/remote-access-vpn-with-ise/m-p/2825179#M41046 <P>Hi Guys,</P> <P>Good Day!</P> <P>May I ask if it is possible in ISE 1.4 for me to configure authorization profile to check if User1 tries to connect to a specific tunnel-group which is configured in the ASA?</P> <P>Thank you and have a nice day!</P> <P>Cheers</P> Mon, 11 Mar 2019 06:23:04 GMT https://community.cisco.com/t5/network-access-control/remote-access-vpn-with-ise/m-p/2825179#M41046 fatalXerror 2019-03-11T06:23:04Z https://community.cisco.com/t5/network-access-control/remote-access-vpn-with-ise/m-p/2825180#M41047 <P>You need to use the Tunnel Group Lock option. Take a look at this post.&nbsp;</P> <P><A href="https://supportforums.cisco.com/discussion/11402831/connection-profile-tunnel-group-lock">https://supportforums.cisco.com/discussion/11402831/connection-profile-tunnel-group-lock</A></P> Tue, 12 Jan 2016 05:19:28 GMT https://community.cisco.com/t5/network-access-control/remote-access-vpn-with-ise/m-p/2825180#M41047 Philip D'Ath 2016-01-12T05:19:28Z https://community.cisco.com/t5/network-access-control/remote-access-vpn-with-ise/m-p/2825181#M41048 <P>Hi Philip,</P> <P>Good Day!</P> <P>Just to clarify, I will used this attribute as the condition in my authorization rule right in ISE?</P> <P>Thanks</P> Tue, 12 Jan 2016 05:23:57 GMT https://community.cisco.com/t5/network-access-control/remote-access-vpn-with-ise/m-p/2825181#M41048 fatalXerror 2016-01-12T05:23:57Z https://community.cisco.com/t5/network-access-control/remote-access-vpn-with-ise/m-p/2825182#M41049 <P>I don't know. &nbsp;My guess is yes. &nbsp;I have only used this with other products. &nbsp;I just know the ASA needs to receive it.</P> Tue, 12 Jan 2016 06:33:37 GMT https://community.cisco.com/t5/network-access-control/remote-access-vpn-with-ise/m-p/2825182#M41049 Philip D'Ath 2016-01-12T06:33:37Z https://community.cisco.com/t5/network-access-control/remote-access-vpn-with-ise/m-p/2825183#M41050 <P>Visit ISE policy &gt; policy elements &gt; conditions &gt; In the condition inside advanced attributes select an attribute - "<STRONG>Cisco-VPN3000:Cisco-VPN3000:CVPN3000/ASA/PIX7x-Tunnel-Group-Lock" Equals &lt;tunnel-group-name&gt;. </STRONG>Once done call this condition in the authorization rule and give appropriate permissions. Make sure this attribute or something similar like "<STRONG>Tunnel-group-name"</STRONG> is coming in the radius request</P> <P>Regards,</P> <P>Jatin</P> Tue, 12 Jan 2016 10:21:52 GMT https://community.cisco.com/t5/network-access-control/remote-access-vpn-with-ise/m-p/2825183#M41050 Jatin Katyal 2016-01-12T10:21:52Z