Hi,
For EasyVPN we can assign the user's Group Policy from RADIUS using IETF-RADIUS-Class = OU=EASYVPN ASA >= 8.2 and greater documentation says to use the Group-Policy attribute (VSA 3076\25) instead; in preference to the Class attribute - but this doesn't work!! "Sets the group policy for the remote access VPN session. For version 8.2 and later, use this attribute instead of IETF-Radius-Class" This VSA (3076\25) doesn't exist in my version of ACS but I tried it with FreeRadius. The result is: this doesn't work; ASA receives this attribute and correctly interprets it as the Group-Policy attribute. But then ignores it. For 8.2 and above, RADIUS Class attribute still works. I tried setting CVPN3000-Group-Policy to EASYVPN OU=EASYVPN OU=EASYVPN; but in all instances ASA did not use it to assign the user Group Policy. Cisco ASA documentation - FAIL! Cheers Richard
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
