03-15-2007 06:52 AM - edited 02-21-2020 02:55 PM
I have a 3015 VPN Concentrator. On that concentrator I have several IPSec groups but also have users that use the SSL Client. Can the users that come in using the SSL client be put into a group so I can authenticate them internally to the concentrator?
03-15-2007 06:58 AM
Hi,
Yes, you can use a specific group for the SSL client: create users and bind those to the specific group created. Just make sure that WebVPN is enabled for the group you created.
HTH,
Please rate if it helps,
Regards,
03-15-2007 07:38 AM
Thanks for your reply. I actually tried doing that, but it didn't work. I created a group and only had WebVPN enabled (disabled IPSec, etc.). Then I created a user that had that group. I thought that would work, but every time I tried to log on via SSL client, the authentication failed. I looked in the log and it was trying to authenticate to the Active Directory, which of course wouldn't work.
I didn't do anything under the IPSec tab where you specify the authentication method because it seemed to me that I wouldn't be using IPSec so that setting would be irrelevant.
What am I doing wrong?
03-15-2007 09:09 AM
Hi,
You are not doing anything wrong except trying to get around the default behaviour.
WebVPN authentication requests don't fall back to the second entry in the authentication server list configured in the global mode. Whatever is the first entry, the concentrator tries to authenticate the user accordingly. It seems that you have AD at the top of the list.
HTH,
Please rate if it helps.
Regards,
Kamal
03-15-2007 11:07 AM
You are correct, I do have internal last in my authentication list. But I don't really know what to do about that because most of the users that come in I want to authenticate against a Radius server or the AD. If I moved internal to the top of my authentication list wouldn't that screw up the authentication for all my AD users? They wouldn't have entries internally to the concentrator and since it was first in the list wouldn't it try to authenticate internally and thereby fail?
12-12-2007 05:41 AM
I have the same problem. If I change the order of the authentication servers (the internal over the Radius), the WebVPN user logged on OK, but the rest of the users of Active Directory never connect.