WebVPN- authentication, domain controllers vs. local users

frank.murray · ‎10-10-2007

Iv'e got ans ASA 5510 running 7.2.3 code. Currently, users connect to the ASA using the ssl vpn client and authenticate using the windows domain controller. This all works fine.

But now I have a request to provide a user access to a single server on our inside network. This is not an employee, so there is no domain user account. I tried creating a user account locally on the ASA, but apparently, the ASA only checks the local user database if it cannot reach the domain controller.

Any suggestions? I haven't been able to find and config examples on CCO.

Jens Becker · ‎10-11-2007

You must configure one more Virtual Context (webvpn context $name$) with other aaa parameters

Danilo Dy · ‎10-11-2007

Hi,

Why make it difficult. You can still create the user in AD but in ASA ACL/ACE give him access only to one server. Having account in AD only for AAA doesn't give the user access to the entire domain.

Regards,

Dandy

r.gill · ‎11-14-2007

Hi All,

Does anyone have any config examples of setting up webvpn users? Im a complete newbie at this!!...

question: can u restrict access by incoming IP for webvpn users ??

hope you can help....

Scott Cannon · ‎12-04-2007

Cisco has a plethora of these - I've just been reading a document they published titled SSL VPN. I've attachd it for convenience.

Cheers

Scott