How to configure group lock through the RADIUS server on an ASA

Cisco, Firewall Add comments
1,738

In order to configure group lock, send the group policy name in the class attribute 25 on the Remote Authentication Dial-In User Service (RADIUS) server and choose the group to lock the user into within the policy.

For example, in order to lock the Cisco 123 user into the RemoteGroup group, define the Internet Engineering Task Force (IETF) attribute 25 class OU=RemotePolicy; for this user on the RADIUS server.

Refer to this configuration example in order to configure group lock on an Adaptive Security Appliance (ASA):

group-policy RemotePolicy internal
group-policy RemotePolicy attributes
dns-server value x.x.x.x
group-lock value RemoteGroup

tunnel-group RemoteGroup type ipsec-ra
tunnel-group RemoteGroup general-attributes
address-pool cisco
authentication-server-group RADIUS-Group
default-group-policy RemotePolicy


Tags:, , , , , , , , , , ,

Liked this article? To continue getting our latest free Howtos and Tutorials,
you can also grab the RSS feed or Subscribe to Techgurulive by Email

Not Getting



Comments are closed.



This Howtos posted under" Cisco, Firewall

How to configure group lock through the RADIUS server on an ASA


Find Free Howtos and tutorials on apache, Linux, windows, php, Networking, MySQL, Cisco, open source, Nas, Virtualization, voip, vpn, email,send mail, lamp, security, SEO, squid, Anti virus, Backup, Database and many more