SSL VPN Authentication using different Identity Sources Sequences

Si
Level 1

Morning,

At the moment we have set up SSL VPNs that pass security to ACS. This is accomplished using strong authentication. On ACS the Identity Sources Sequence is OTP then AD.


We would like to set up on the same firewall a select few users that just abide by AD authentication; these will have a different tunnel group name etc. when making the connection.

On ACS I'm not sure how I would set up two Identity Sources Sequences to this effect using the same Service Selection Rule. At the moment I have IF RADIUS and IP is XXX then use XXX policy.


We are currently installing ISE, so in the not too distant future, if ACS cannot do this, can ISE?
If this is confusing I can expand where necessary.
Thanks

S

1 Accepted Solution


hi,

I don't remember how it looked on ACS, but on ISE it's quite flexible,

so the rule is simple:

if the RADIUS request comes from an ASA device type, then check the tunnel-group-name attribute (146) and, according to the string value, choose the LOCAL or AD store.

hope this helps

regards
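
The rule described in this answer, sketched as an added example (not part of the original reply and not Cisco code): parse a RADIUS Access-Request, read the tunnel-group-name attribute (146) from the vendor-specific attribute, and pick the identity source by exact match. Vendor ID 3076 is the ID the ASA uses for its VPN attributes; the device IP, tunnel-group names and identity source labels are hypothetical.

```python
import struct

VENDOR_SPECIFIC = 26        # RADIUS attribute type that carries VSAs
ASA_VENDOR_ID = 3076        # vendor ID the ASA uses for its VPN attributes
TUNNEL_GROUP_NAME = 146     # attribute number named in the answer
ASA_DEVICES = {"192.0.2.10"}  # hypothetical "ASA device type" members
# Hypothetical tunnel-group names mapped to hypothetical identity sources.
POLICY = {"VPN-OTP": "OTP_then_AD", "VPN-ADONLY": "AD_only"}

def tunnel_group(packet: bytes):
    """Return the tunnel-group-name from an Access-Request, or None."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Request")
    pos = 20  # attributes start after code, id, length, authenticator
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
        if (vendor == ASA_VENDOR_ID and vtype == TUNNEL_GROUP_NAME
                and 2 <= vlen <= len(value) - 4):
            return value[6:4 + vlen].decode("utf-8", "replace")
    return None

def select_identity_source(src_ip: str, packet: bytes) -> str:
    # Only requests from known ASA devices are evaluated, and the group
    # name must match exactly. A missing or unknown group is denied so it
    # cannot fall through to the weaker AD-only store.
    if src_ip not in ASA_DEVICES:
        return "DENY"
    return POLICY.get(tunnel_group(packet), "DENY")

def build_request(group: str) -> bytes:
    """Constructed sample packet: User-Name plus the tunnel-group VSA."""
    user = b"alice"
    attrs = bytes([1, 2 + len(user)]) + user
    sub = bytes([TUNNEL_GROUP_NAME, 2 + len(group)]) + group.encode()
    vsa = struct.pack("!I", ASA_VENDOR_ID) + sub
    attrs += bytes([VENDOR_SPECIFIC, 2 + len(vsa)]) + vsa
    return struct.pack("!BBH", 1, 7, 20 + len(attrs)) + bytes(16) + attrs
```

The sample packet carries no Message-Authenticator and the sketch does not verify the shared secret; on ISE the equivalent condition is configured in the policy set rather than written as code.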


2 Replies

Retracted the previous statement. Yes that makes sense now.
Thanks for that

Si
