SSL Tunnel Groups

Unanswered Question
Oct 3rd, 2007

Hi.

Has anyone set up ACS security for SSL/WebVPN Tunnel Groups on the ASA?

I want to set up multiple tunnel groups for different SSL VPNs and control Authentication via ACS.

How do I ensure that when the user has Authenticated, he can only access a particular Tunnel Group?

There doesn't appear to be any way to tie the username with the allowed tunnel on the ASA.

With IPSEC VPN - the client provides the group and corresponding pre-shared key to associate the user with an IPSEC Tunnel, but this doesn't work for SSL.

Thanks.

Mick.

Danilo Dy Thu, 10/04/2007 - 06:10

Hi,

I'm able to do that using Microsoft AD (as LDAP) and Microsoft IAS (as RADIUS) with over 100 tunnel groups and thousands of users.

- User can be a member of only one tunnel group (limitation).

- Each tunnel group has ACL/ACE to allow access only to specific host(s)/network(s) and services/ports.

- There is no drop-down list of tunnel groups in the login page. Give and take though, all tunnel groups will be sharing one vpn pool. If I want dedicated vpn pool for each tunnel group, the drop-down list is a must.

Regards,

Dandy
