I only ever touch my ASA via ASDM, but what I've got is Connection Profile Default - AAA(local) Connection Profile 123 - AAA (radius)
And then the users chose the connection profile from the login page (using tunnel-group-list enable). In your case you could just reverse that. Thanks, Erik -----Original Message----- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jason Lixfeld Sent: Wednesday, November 20, 2013 2:14 PM To: <cisco-nsp@puck.nether.net> Subject: [c-nsp] ASA equiv to aaa login local group blah I'm trying to do a quick and dirty add to a 9.1(3) ASA running WebVPN to allow a contractor in without having to create them an account on our main directory server. In IOS land, I could specify local auth before a server group and it would work fine. It seems that in ASA land you can only specify local auth after a server group fails. I tried to create a specific group policy for the user, but it doesn't seem to wanna work. ! group-policy DfltGrpPolicy attributes vpn-tunnel-protocol ssl-client ssl-clientless split-tunnel-policy tunnelspecified split-tunnel-network-list value SPLITTUNNEL gateway-fqdn value foo.bar.com address-pools value SSLVPN group-policy LocalAuthOnly internal group-policy LocalAuthOnly attributes group-lock value LocalAuthOnly username contractor password mEkEo2tG2a/HS2Ah encrypted username contractor attributes vpn-group-policy LocalAuthOnly group-lock value LocalAuthOnly service-type remote-access tunnel-group DefaultRAGroup general-attributes authentication-server-group CORPRADIUS LOCAL tunnel-group DefaultWEBVPNGroup general-attributes authentication-server-group CORPRADIUS LOCAL tunnel-group LocalAuthOnly type remote-access tunnel-group LocalAuthOnly general-attributes default-group-policy LocalAuthOnly ! Is there another way that I'm missing? Thanks in advance. _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/