ASA group policies

Groups are a core concept used in managing the security of VPNs and in configuring an ASA. Groups specify attributes that determine user access to a VPN.

A group is a collection of users treated as a single entity. Users get their attributes from group policies. A connection profile identifies the group policy for a specific connection.

If a group policy is not specified for a particular user, the default group policy for the connection is applied.

Group policies can be internal or external. Internal policies are created locally on the device like so:

ASA1(config)# group-policy VPN_POLICY internal
ASA1(config)# group-policy VPN_POLICY attributes
ASA1(config-group-policy)# dns-server value
ASA1(config-group-policy)# vpn-idle-timeout 15
ASA1(config-group-policy)# split-tunnel-policy tunnelspecified
ASA1(config-group-policy)# split-tunnel-network-list value SPLIT_TUNNEL

External group policies can also be defined on a RADIUS server, where they apply to users who are authenticated by that server.
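
The resolution rule described above (a user's own group policy, otherwise the default group policy of the connection profile), as an added example that is not part of the original page: a Python check over a constructed running-config excerpt that resolves the effective group policy and flags a split-tunnel-network-list naming an ACL that is not defined. VPN_PROFILE, ADMIN_POLICY, ADMIN_NETS, alice and the address are hypothetical; DfltGrpPolicy is the ASA's built-in default policy, and other attribute sources (RADIUS-returned attributes, dynamic access policies) are not modelled.

```python
# Constructed sample in running-config layout. VPN_POLICY and SPLIT_TUNNEL come
# from the page; every other name and the address are hypothetical.
SAMPLE_CONFIG = """\
access-list SPLIT_TUNNEL standard permit 10.10.0.0 255.255.0.0
group-policy VPN_POLICY internal
group-policy VPN_POLICY attributes
 vpn-idle-timeout 15
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
group-policy ADMIN_POLICY internal
group-policy ADMIN_POLICY attributes
 split-tunnel-network-list value ADMIN_NETS
tunnel-group VPN_PROFILE general-attributes
 default-group-policy VPN_POLICY
username alice attributes
 vpn-group-policy ADMIN_POLICY
"""

def parse(config):
    """Return (ACL names, policy -> attributes, profile -> default policy, user -> policy)."""
    acls, policies, profiles, users = set(), {}, {}, {}
    section = (None, None)              # (keyword, name) owning the indented lines
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):    # top-level command opens or closes a sub-mode
            is_sub = len(words) > 2 and words[-1].endswith("attributes")
            section = (words[0], words[1]) if is_sub else (None, None)
            if words[0] == "access-list":
                acls.add(words[1])
            elif words[0] == "group-policy":
                policies.setdefault(words[1], {})
        elif section[0] == "group-policy":
            policies[section[1]][words[0]] = words[-1]
        elif section[0] == "tunnel-group" and words[0] == "default-group-policy":
            profiles[section[1]] = words[1]
        elif section[0] == "username" and words[0] == "vpn-group-policy":
            users[section[1]] = words[1]
    return acls, policies, profiles, users

def effective_policy(user, profile, profiles, users):
    """A per-user policy wins; otherwise the connection profile's default applies."""
    return users.get(user) or profiles.get(profile, "DfltGrpPolicy")

def dangling_split_acls(acls, policies):
    """Policies whose split-tunnel-network-list names an undefined ACL."""
    named = ((p, a.get("split-tunnel-network-list")) for p, a in policies.items())
    return sorted(p for p, acl in named if acl and acl not in acls)
```

A policy reported by dangling_split_acls deserves a manual look on the device, since the intended split-tunnel restriction depends on an ACL that the configuration does not contain.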