10-01-2007 11:15 PM - edited 03-11-2019 04:19 AM
Hi,
I have ASA 7.2 with ACS 4.0, and all authentication is done on the ACS. Now if I enable WebVPN, how can I restrict specific users from my network to access it, so that not anyone who has a user and pass on ACS can access it? What attribute should I use?
Thank you
10-01-2007 11:35 PM
Hi .. you need to use IETF attribute 25 class. The below link will give you an idea of what you need to do. Basically you would need to use group-lock on the ASA. I have configured this before but don't have access to the devices right now. Have a look at the below link and let me know if you still can't work out how to do it.
I hope it helps .. please rate it if it does !!!
http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K01201325
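
The Class attribute plus group-lock combination mentioned in the reply above, sketched as an added ASA 7.x configuration example. It is not part of the original posts or the linked document. The server address, key, and policy names are hypothetical placeholders, and the deny-by-default policy using `vpn-simultaneous-logins 0` is one assumed way to keep out users whose ACS group returns no Class value.

```cisco
! Constructed example; all names, addresses and keys are placeholders.
!
! ACS side (configured in the ACS group settings, not on the ASA):
!   for the permitted ACS group only, return
!   IETF RADIUS attribute [025] Class = OU=WEBVPN-ALLOWED;
! The ASA uses that value to select the group policy of the same name.

aaa-server ACS protocol radius
aaa-server ACS (inside) host 192.0.2.10
 key <shared-secret>

! Policy applied to users whose ACS group returns the Class value above.
! group-lock ties these users to the named tunnel group.
group-policy WEBVPN-ALLOWED internal
group-policy WEBVPN-ALLOWED attributes
 vpn-tunnel-protocol webvpn
 group-lock value DefaultWEBVPNGroup

! Assumed default policy for every other account that authenticates
! successfully on ACS but returns no matching Class attribute:
! zero simultaneous logins means the session is refused.
group-policy NO-WEBVPN internal
group-policy NO-WEBVPN attributes
 vpn-simultaneous-logins 0

! WebVPN logins authenticate against ACS and fall back to NO-WEBVPN
! unless the RADIUS reply selects another group policy.
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group ACS
 default-group-policy NO-WEBVPN
```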
10-03-2007 12:20 AM
Thank you for your fast response, but by using this IETF attribute, can I make sure that other users in ACS (the ones that I don't want to enable) will not be able to authenticate in the WebVPN? And shouldn't I use the RADIUS of VPN/ASA instead of the IETF RADIUS?
Thank you