In order to configure group lock, send the group policy name in the class attribute 25 on the Remote Authentication Dial-In User Service (RADIUS) server and choose the group to lock the user into within the policy.

For example, in order to lock the Cisco 123 user into the RemoteGroup group, define the Internet Engineering Task Force (IETF) attribute 25 class OU=RemotePolicy; for this user on the RADIUS server.

Refer to this configuration example in order to configure group lock on an Adaptive Security Appliance (ASA):

group-policy RemotePolicy internal
group-policy RemotePolicy attributes
dns-server value x.x.x.x
group-lock value RemoteGroup

tunnel-group RemoteGroup type ipsec-ra
tunnel-group RemoteGroup general-attributes
address-pool cisco
authentication-server-group RADIUS-Group
default-group-policy RemotePolicy

Tags:asa, authenticate, choose, cisco, configuration, configure, group, secure, Security, server, servers, services

Liked this article? To continue getting our latest free Howtos and Tutorials,
you can also grab the RSS feed or Subscribe to Techgurulive by Email

Not Getting

Related posts

Cisco IOS Software Object-group Access Control List Bypass Vulnerability

How to setup Folder Redirection In windows