Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
549
Views
0
Helpful
3
Replies

ACS 5.2 Access Policy processing

Go to solution
jlhainy
Level 2
Level 2

‎01-21-2011 01:34 PM - edited ‎03-10-2019 05:44 PM

I have created two Access Services... One for VPN, one for wireless.  The VPN access policy is the first in the list and the Wireless one is the second.  Every time I try to authentication using the wireless policy, my vpn policy is the one that actually process the request.  Now because both of the Access Services use Radius, does that mean I cannot have More than 2 Radius Access services?  Do I need to combine these into one?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Federico Lovison
Cisco Employee
Cisco Employee

‎01-25-2011 12:26 AM

Hi,

Sure that you can have more than one Access Service using RADIUS.

You need to make sure that RADIUS is not the only condition on the Service Selection Policy though.

You may want to add a condition to the Service Selection Policy matching the Network Device Group, and of course you would have to assign the Wireless and VPN devices to different NDGs.

Check the "customize" button on the SSP config in order to add more conditions:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/access_policies.html#wp1052733

I hope this helps.

Regards,

Federico

--
If this answers your question please mark the question as "answered" and rate it, so other users can easily find it.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Federico Lovison
Cisco Employee
Cisco Employee

‎01-25-2011 12:26 AM

Hi,

Sure that you can have more than one Access Service using RADIUS.

You need to make sure that RADIUS is not the only condition on the Service Selection Policy though.

You may want to add a condition to the Service Selection Policy matching the Network Device Group, and of course you would have to assign the Wireless and VPN devices to different NDGs.

Check the "customize" button on the SSP config in order to add more conditions:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/access_policies.html#wp1052733

I hope this helps.

Regards,

Federico

--
If this answers your question please mark the question as "answered" and rate it, so other users can easily find it.

0 Helpful

Go to solution
jlhainy
Level 2
Level 2
In response to Federico Lovison

‎01-25-2011 08:05 AM

Yeah, I found that before I got your post.  It works well!  I am finally getting the hang of ACS 5.2 policies.... it took me a while though.

0 Helpful

Go to solution
Federico Lovison
Cisco Employee
Cisco Employee
In response to jlhainy

‎01-25-2011 08:44 AM

Great!

Thanks for confirming this is solved now :-)

Regards,

Federico

0 Helpful
Customers Also Viewed These Support Documents