Using multiple AAA group policies

patrickdonlon · ‎01-26-2011

I am using the IETF class 25 option on ACS 4.x for VPN access. It's working well but I'd like to the best way to assign mutiple policies for a group.

For example I'd like to give group A users only IPSEC access and group B users IPSEC and SSL. IPSEC access will be indentical so I prefer not to create another profile and share the policy name.

Thanks

andamani · ‎01-27-2011

hmmm...

so u r saying you want to lock the user in a tunnel group? you can push the group-lock attribute in that case.

or is it like you want to push more than one group-policy to a user? if so, then i don't think you can do that. i.e. assign multiple group-policy to a user connecting to a tunnel-group is not possible.

how many tunnel-groups you have? and what is it exactly that you want to achieve?

Regards,

Anisha

P.S.: Please mark this thread as resolved if you feel your query is answered.

patrickdonlon · ‎01-27-2011

I've a number of groups currently working fine with group lock enabled but for IPsec VPN. What I want to do is allow groups of users within these groups access to SSL VPN. So for example if Group A has access to IPsec already, I'd like to have a subnet of Group A have access to SSL.

I can share the policy names between the different type of access but would like to avoid this if possible, as I would have to create more IPsec groups, thanks

andamani · ‎01-27-2011

Hi,

The requirement is still not clear to me.

Are you talking regarding the feature "vpn-tunnel-protocol Ipsec webvpn" defined under the group-policy.

will the tunnel-groups be same or different?

Regards,
Anisha