SSL Tunnel Groups

Unanswered Question
Oct 3rd, 2007

Hi.


Has anyone set up ACS security for SSL/WebVPN Tunnel Groups on the ASA?


I want to set up multiple tunnel groups for different SSL VPNs and control Authentication via ACS.


How do I ensure that when the user has Authenticated, he can only access a particular Tunnel Group?


There doesn't appear to be any way to tie the username with the allowed tunnel on the ASA.


With IPSEC VPN - the client provides the group and corresponding pre-shared key to associate the user with an IPSEC Tunnel, but this doesn't work for SSL.


Thanks.


Mick.

Danilo Dy Thu, 10/04/2007 - 06:10

Hi,


I'm able to do that using Microsoft AD (as LDAP) and Microsoft IAS (as RADIUS) with over 100 tunnel groups and thousands of users.


- User can be a member of only one tunnel group (limitation).

- Each tunnel group has ACL/ACE to allow access only to specific host(s)/network(s) and services/ports.

- There is no drop-down list of tunnel groups in the login page. Give and take though, all tunnel groups will be sharing one VPN pool. If I want a dedicated VPN pool for each tunnel group, the drop-down list is a must.


Regards,

Dandy
