
Who Me Too'd this topic


ACS 5.x / AD /w ASA VPN and group lock

Hello all. I'm trying to set up ACS 5.2 with an ASA v8.3.2 to lock users into VPN groups based on a user's AD group. I've tried various combinations but the group lock isn't working. I've done steps 1 & 2 ...

1) Network Devices and AAA Clients -> Define VPN

2) Users and Identity Stores -> Set up AD and Directory Groups, test connection

... All good with that.  Here is what I don't get.

Policy Elements:

Q1) Policy Elements - Do I need an authorization profile for each group?

Q2) What RADIUS attributes should I use to match my ASA tunnel-groups?

RADIUS-IETF attribute 25?

RADIUS-Cisco VPN 3000/ASA/PIX 7.x 85 (Tunnel-Group-Lock)?


Access Policies:

Q1) Do I need to enable and use group mapping?

Q2) Do I need a Network Access Authorization Policy for each group?

These are basic questions I know, but there are a number of possibilities and it just isn't clear to me how it should be.  Any help is appreciated.
