RE: ACS 5.1 and Radius att for VPN IP pool

Attribute 25..

Marcin Zgola | Netrix, LLC | 847.283.7400 |(Direct) 847.283.7328| (fax) 847.283.7610 | http://www.netrixllc.com/
Internetwork Lead | CCIE# 18676 (Security)

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Ivan Hrvatska
Sent: Thursday, April 21, 2011 4:17 AM
To: Cisco certification
Subject: ACS 5.1 and Radius att for VPN IP pool

Hi,

I have some issue with configuring ACS 5.1. What I want to do is next:
I have Remote Access VPN users (IPsec) who are terminated on Cisco ASA 5510. AAA for those users is done on ACS. Group-policies and tunnel groups are defined on ASA. Initialy I had all VPN users defined on ASA and group policies were associated with each user. Each group policy had it's own IP pool for users. Now, I moved users to ACS. HOw can I associate group policy, defined on ASA, with users group defined on ACS? Is it possible that ACS send to ASA information about IP pool for different group policy? I know that I have to use some Radius att, but which one and how?
Thanks.

Regards,
Ivan

Blogs and organic groups at http://www.ccie.net
Received on Thu Apr 21 2011 - 16:20:11 ART