Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
743
Views
0
Helpful
1
Replies

Firepower FMC Remote Access VPN & Cisco ISE override group policy

star btsistem
Level 1
Level 1

‎01-28-2020 05:26 AM - edited ‎02-21-2020 11:13 AM

Hi,

 

We have Firepower FMC 6.4 as RA VPN device and Cisco ISE 2.3 as radius server. We have one connection profile and different group policies on Firepower. We want to use different group policies for different AD groups. on ISE we have configured ASA VPN attribute as the name of the group policy created on Firepower. ISE is working correctly and it says on logs it applies the correct ASA VPN attribute but on firepower it could not override group policy. Every user hits the group policy defined on connection profile.

 

If we create different connection profile with different aliases it works but we do not work on this way because we do not want clients to see and choose alias.

 

Thanks,

 

0 Helpful
1 Reply 1

Greg Gibbs
Cisco Employee
Cisco Employee

‎01-28-2020 01:37 PM

Just to close the loop on this for others, I see this question was also posted and answered on the FirePOWER board

0 Helpful
Customers Also Viewed These Support Documents