WebVPN- authentication, domain controllers vs. local users

Unanswered Question
Oct 10th, 2007

Iv'e got ans ASA 5510 running 7.2.3 code. Currently, users connect to the ASA using the ssl vpn client and authenticate using the windows domain controller. This all works fine.

But now I have a request to provide a user access to a single server on our inside network. This is not an employee, so there is no domain user account. I tried creating a user account locally on the ASA, but apparently, the ASA only checks the local user database if it cannot reach the domain controller.

Any suggestions? I haven't been able to find and config examples on CCO.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jens Becker Thu, 10/11/2007 - 01:40

You must configure one more Virtual Context (webvpn context $name$) with other aaa parameters

Danilo Dy Thu, 10/11/2007 - 06:57

Hi,

Why make it difficult. You can still create the user in AD but in ASA ACL/ACE give him access only to one server. Having account in AD only for AAA doesn't give the user access to the entire domain.

Regards,

Dandy

r.gill Wed, 11/14/2007 - 06:17

Hi All,

Does anyone have any config examples of setting up webvpn users? Im a complete newbie at this!!...

question: can u restrict access by incoming IP for webvpn users ??

hope you can help....

Scott Cannon Tue, 12/04/2007 - 17:30

Cisco has a plethora of these - I've just been reading a document they published titled SSL VPN. I've attachd it for convenience.

Cheers

Scott

Attachment: 

Actions

This Discussion