how to assign a connection profile without using group drop-dow

ochalmers · ‎03-09-2013

Hi Guys, i've configured 4 connection profiles (IT,HR,Admon,VIP) on the asa everything works well, but our boss wants to know if it's possible to assign the right connection profile without using group drop-down list, what he wants is to use a unique connection profile (non-default) and via radius attributes using ACS 5.X to assing the right profile.

Thanks in advance

Oscar

Jennifer Halim · ‎03-09-2013

Yes you can.

Please find attached the config guide to achieve that.

Hope that helps.

ochalmers · ‎03-10-2013

Hi Jennifer, your idea works fine with ssl profiles, however besides "IT,HR,Admon,VIP" ssl profiles we have an ipsec profile and this solution is not allowing to connect vpn users who use the ipsec profile.

Is there a way to differenciate ssl profiles from ipsec profiles? i've tried to use "CVPN3000/ASA/PIX7.x-DAP-Tunnel-Group-Name" in the service selection rule or authorization profile of vpn users but with no luck.

Thank you so much for your support
Oscar

Jennifer Halim · ‎03-10-2013

Do you have the same group-policy configured for both SSL and IPSec VPN? or are they different policies?

ochalmers · ‎03-10-2013

No, they use different policies

Jennifer Halim · ‎03-10-2013

Any particular reason why IPSec and SSL tunnel has different policy?

ochalmers · ‎03-10-2013

IPsec profile belong to a newly acquired company and dns servers are different

how to assign a connection profile without using group drop-down list or group URL