wevbpn restrict access

Unanswered Question
Oct 1st, 2007
User Badges:


i have ASA 7.2 with ACS 4.0, all authentication is done on the ACS, now if i enable webvpn, how can i restrict specific user from my network to access it, so that not anyone who has a user and pass on ACS can access it, what attribute should i use ?

thank you

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Fernando_Meza Mon, 10/01/2007 - 23:35
User Badges:
  • Gold, 750 points or more

Hi .. you need to use IETF attribute 25 class. The below link will give you an idea of what you need to do. Basically you would need to use group-lock on the ASA. I have configured this before but don't have access to the devices right now. Have a look at the below link and let me know if you still can't work out how to do it.

I hope it helps .. please rate it if it does !!!


josephium Wed, 10/03/2007 - 00:20
User Badges:

thank you for your fast response, but by using this IETF attribute i can make sure that other users in ACS (the ones that i don't want to enable) will not be able to authenticate in the webvpn ? and shouldn't i use the Radius of vpn/asa instead of the IETF radius ?

thank you


This Discussion