IAS Radius - Authenticating Cisco Admins and VPN Users on ASA 5510
Posted on 2008-10-30
We have an ASA 5510 that we are configuring for RADIUS authentication.
We are trying to set up the authentication so that there are two separate groups on the ASA, both pointing to the same IAS server.
One group will be used to authenticate admin access to the ASA/Routers (i.e. Telnet, SSH, Console).
The second group will be used to authenticate the remote access VPN users.
I've tried setting it up, but what happens is that, because both groups on the ASA point to the same IAS server, the policies don't work well together. The VPN users end up being able to log into the devices.
I tried using the shell:priv attributes, but then I read a topic on Cisco's site saying that the attribute is not supported on ASA devices.
There must be a way to do this without having to use two IAS servers.