ASA group policies
A group is a collection of users treated as a single entity. Users get their attributes from group policies. A connection profile identifies the group policy for a specific connection.
If a group policy is not specified for a particular user, the default group policy for the connection is applied.
Group policies can be internal or external. Internal policies are created locally on the device like so:
ASA1(config)# group-policy VPN_POLICY internal ASA1(config)# group-policy VPN_POLICY attributes ASA1(config-group-policy)# dns-server value 184.108.40.206 ASA1(config-group-policy)# vpn-idle-timeout 15 ASA1(config-group-policy)# split-tunnel-policy tunnelspecified ASA1(config-group-policy)# split-tunnel-network-list value SPLIT_TUNNEL
External group policies can also be specified on a RADIUS server that can be used by users that are authenticated by that server.