WebVPN with SSL & Secure Portal

Unanswered Question
Mar 9th, 2007

I would like to configure my ASA 5520 to support 3 scenarios in the same box:

- Untrusted (kiosk mode) where the remote host is forced to use CSD

- Trusted host identified by regedit and can select either SSL VPN or WebVPN (portal only, no CSD) by drop down menu.

When using the help on the CSD VPN feature policy I get the following info:

- Use Failure Group-Policy if you want to apply the "Alternative group policy" to any remote client matched to this location.

This option lets you apply an alternative to the default group policy so you can differentiate access rights. Typically, you would use the failure group policy to apply access rights that are more limited than those associated with the success group policy.

With this option set, CSDM dims the attributes in the Criteria area. If you click this radio button, you cannot change other settings on this tab.

Note: If you click this radio button, change the alternative group policy setting for the WebVPN tunnel group to a group policy that has access rights that are different than the default group policy. To do so, choose the Configuration > VPN > General > Tunnel Group > Add/Edit Tunnel Group > WebVPN Access > WebVPN tab. Change the policy assigned to the Alternative group policy attribute to apply a policy to all clients who match this location.

- Always use Success Group-Policy if you want to apply the default WebVPN group policy to any remote client matched to this location.

This option is the default group-based policy setting. If you click this radio button, CSDM dims the attributes in the Criteria area; you cannot change other settings on this tab. Your configuration of a group-based policy ends with this step.

- Use Success Group-Policy if criteria match if you want to apply the following group policy to the remote client matched to this location:

  - WebVPN default group policy if the client PC satisfies the criteria specified on this tab.

  - WebVPN failure group policy if the client PC fails to satisfy the criteria specified on this tab.

Note: If you click this radio button, choose the Configuration > VPN > General > Tunnel Group > Add/Edit Tunnel Group > WebVPN Access > WebVPN tab. Change the policy assigned to the Alternative group policy attribute to apply a policy to clients that fail to satisfy the criteria.

I have yet to find good detailed documentation on how CSD works along with the drop down menu and group policies. Any info would be appreciated because the help isn't helpful.
