cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
379
Views
0
Helpful
2
Replies
Highlighted
Si Beginner
Beginner

SSL VPN Authentication using different Identity Sources Sequences

Morning,

At the moment we have setup SSL vpns that pass security to ACS. This is acomplished using strong authentication. On ACS the

Identity Sources Sequence  is OTP then AD.


We would like to setup on the same firewall a select few users that just abide by AD authentication, these will have a different tunnel group name etc when making the connection.

On ACS im not sure how i would setup two Identidy Sources Sequence to this effect using the same  Service Selection Rule. At the moment i have IF RADIUS and IP is XXX then use XXX policy


We are currently installed ISE so in the not to distant future is ACS cannot do this can ISE?
If this is confusing i can expand were nesscessary
Thanks

S

Everyone's tags (6)
1 ACCEPTED SOLUTION

Accepted Solutions

SSL VPN Authentication using different Identity Sources Sequence

hi,

I don't remember how it looked like on ACS but on ISE its quite flexible

so the rule is simple

if the radius request comes forma ASA device type then check tunnel-group-name attribute (146) and accourding to string value choose LOCAL or AD store.

hope this helps

regards

View solution in original post

2 REPLIES 2

SSL VPN Authentication using different Identity Sources Sequence

hi,

I don't remember how it looked like on ACS but on ISE its quite flexible

so the rule is simple

if the radius request comes forma ASA device type then check tunnel-group-name attribute (146) and accourding to string value choose LOCAL or AD store.

hope this helps

regards

View solution in original post

Si Beginner
Beginner

SSL VPN Authentication using different Identity Sources Sequence

Retracted the previous statement. Yes that makes sense now.
Thanks for that

Si