I'm having issues with configuring AnyConnect with SSL authenticating with RADIUS ACS. What I'm trying to do is the following.
I configured AnyConnect on the ASA and I have more than 20 groups, and I have used group lock to lock the groups, but in each group I have more than 20 users. So what I need now is for the users to be authenticated by the ACS into their relevant groups. Find my config for the AnyConnect:

webvpn
 svc ask enable
group-policy Sales internal
group-policy Sales attributes
 group-lock value Sales
ip local pool SSLPOOL 10.236.0.48-10.236.0.63 mask 255.255.255.240
same-security-traffic permit intra-interface

webvpn
 enable mgmnt
 svc image disk0:/anyconnect-win-2.3.0254-k9.pkg
 svc enable
 tunnel-group-list enable
group-policy clientgroup internal
group-policy clientgroup attributes
 group-lock value sslgroup
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelall
 webvpn
  svc keep-installer installed
  svc rekey time 30
  svc rekey method ssl
  svc ask none default svc
username ssluser password password
tunnel-group sslgroup type remote-access
tunnel-group sslgroup general-attributes
 address-pool SSLPOOL
 default-group-policy clientgroup
tunnel-group sslgroup webvpn-attributes
 group-alias sslgroup_users enable

webvpn
 enable mgmnt
 svc image disk0:/anyconnect-win-2.3.0254-k9.pkg
 svc enable
 tunnel-group-list enable
group-policy Sales internal
group-policy Sales attributes
username sale password password
username sale attributes
 group-lock value Sales
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelall
 webvpn
  svc keep-installer installed
  svc rekey time 30
  svc rekey method ssl
  svc ask none default svc
tunnel-group sale type remote-access
tunnel-group Sales general-attributes
 address-pool SSLPOOL
 default-group-policy Sales
tunnel-group Sales webvpn-attributes
 group-alias Sales enable

webvpn
 enable mgmnt
 svc image disk0:/anyconnect-win-2.3.0254-k9.pkg
 svc enable
 tunnel-group-list enable
group-policy MTNSA internal
group-policy MTNSA attributes
username mtn password password
username mtn attributes
 group-lock value MTNSA
 vpn-tunnel-protocol svc
 tunnel-group-list enable
group-policy MTNSA internal
group-policy MTNSA attributes
username mtn1 password password
username mtn1 attributes
 group-lock value MTNSA
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelall
 webvpn
  svc keep-installer installed
  svc rekey time 30
  svc rekey method ssl
  svc ask none default svc
tunnel-group MTNSA type remote-access
tunnel-group MTNSA general-attributes
 address-pool SSLPOOL
 default-group-policy MTNSA
tunnel-group MTNSA webvpn-attributes
 group-alias MTNSA enable
 tunnel-group-list enable
group-policy CCIE internal
group-policy CCIE attributes
username ccie password password
username ccie attributes
 group-lock value CCIE
 vpn-tunnel-protocol svc

Thanks,
Elliot
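
One way to get the behaviour asked about above, shown for the Sales group only, as an added example that is not part of the original post. The server-group name ACS_RADIUS, the 192.0.2.10 address, the shared-secret placeholder and the choice of the mgmnt interface to reach the ACS are assumptions; the group, pool and policy names are taken from the posted config.

```cisco
! Constructed example: define the ACS as a RADIUS server group on the ASA.
! ACS_RADIUS, 192.0.2.10 and the key are placeholders (assumptions).
aaa-server ACS_RADIUS protocol radius
aaa-server ACS_RADIUS (mgmnt) host 192.0.2.10
 key <shared-secret>
!
! Point the connection profile at the ACS instead of the local user database.
tunnel-group Sales type remote-access
tunnel-group Sales general-attributes
 address-pool SSLPOOL
 authentication-server-group ACS_RADIUS
 default-group-policy Sales
tunnel-group Sales webvpn-attributes
 group-alias Sales enable
!
! Keep group-lock in the group policy rather than on per-user local accounts.
group-policy Sales internal
group-policy Sales attributes
 group-lock value Sales
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelall
 webvpn
  svc keep-installer installed
  svc rekey time 30
  svc rekey method ssl
  svc ask none default svc
!
! On the ACS (configured there, not in ASA CLI): for members of the Sales
! group, return IETF RADIUS attribute 25 (Class) with the value  OU=Sales;
! The ASA then applies group-policy Sales to that user, and its group-lock
! rejects the session if the user selected any tunnel-group other than Sales.
!
! Check the RADIUS path before testing with a client (constructed user name):
!   test aaa-server authentication ACS_RADIUS host 192.0.2.10 username <user> password <password>
```

With this in place the per-user `username ... attributes` entries are no longer what decides group membership; the Class value returned by the ACS is, so the same pattern is repeated per group with only the names changed.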
