WebVPN - authentication, domain controllers vs. local users

Unanswered Question
Oct 10th, 2007

I've got an ASA 5510 running 7.2.3 code. Currently, users connect to the ASA using the SSL VPN client and authenticate using the Windows domain controller. This all works fine.

But now I have a request to provide a user access to a single server on our inside network. This is not an employee, so there is no domain user account. I tried creating a user account locally on the ASA, but apparently, the ASA only checks the local user database if it cannot reach the domain controller.

Any suggestions? I haven't been able to find any config examples on CCO.

Jens Becker Thu, 10/11/2007 - 01:40

You must configure one more Virtual Context (webvpn context $name$) with other AAA parameters.

Danilo Dy Thu, 10/11/2007 - 06:57
Why make it difficult? You can still create the user in AD, but in the ASA ACL/ACE give him access only to one server. Having an account in AD only for AAA doesn't give the user access to the entire domain.

r.gill Wed, 11/14/2007 - 06:17

Hi All,

Does anyone have any config examples of setting up webvpn users? I'm a complete newbie at this!

Question: can you restrict access by incoming IP for webvpn users?

Hope you can help.

Scott Cannon Tue, 12/04/2007 - 17:30

Cisco has a plethora of these - I've just been reading a document they published titled SSL VPN. I've attached it for convenience.