Hello all, I am tryingto replace a VPN3000 with an ASA (8.4) for remote access. We use Cisco ACS for authorization and accounting, and RSA for authorization.
On the VPN3000 we were able to pass the Split-Tunnel list to restrict users access to only specified IP's.
I am trying to replicate the same on the ASA. I understand that I can create access-lists that will limit user access, and I am trying to understand how to assign an access list to the user based on the Radius attribute - [3076\027] IPSec-Split-Tunnel-List.
Is this done using the Dynamic Acccess Policy?
How do I assign the Radius Attribute of the IPSec-Split-Tunnel-List to the dynamic policy?
Any help will be greatly appreciated.
Dima.