how to assign a connection profile without using group drop-down list or group URL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-09-2013 06:39 PM
Hi Guys, i've configured 4 connection profiles (IT,HR,Admon,VIP) on the asa everything works well, but our boss wants to know if it's possible to assign the right connection profile without using group drop-down list, what he wants is to use a unique connection profile (non-default) and via radius attributes using ACS 5.X to assing the right profile.
Thanks in advance
Oscar
- Labels:
-
VPN

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-09-2013 06:50 PM
Yes you can.
Please find attached the config guide to achieve that.
Hope that helps.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2013 05:20 PM
Hi Jennifer, your idea works fine with ssl profiles, however besides "IT,HR,Admon,VIP" ssl profiles we have an ipsec profile and this solution is not allowing to connect vpn users who use the ipsec profile.
Is there a way to differenciate ssl profiles from ipsec profiles? i've tried to use "CVPN3000/ASA/PIX7.x-DAP-Tunnel-Group-Name" in the service selection rule or authorization profile of vpn users but with no luck.
Thank you so much for your support
Oscar

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2013 05:27 PM
Do you have the same group-policy configured for both SSL and IPSec VPN? or are they different policies?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2013 06:01 PM
No, they use different policies

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2013 06:23 PM
Any particular reason why IPSec and SSL tunnel has different policy?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-10-2013 06:35 PM
IPsec profile belong to a newly acquired company and dns servers are different
