
Clientless SSL VPN Groups

j-shearer
Level 1

Greetings. I currently have an ASA5520 in place running 8.0(2) IOS. We have configured a clientless SSL VPN portal that we are currently using as a "test run". One issue that we are trying to resolve deals with using groups at the SSL VPN login page. Right now the ASA is set to authenticate usernames/passwords to a Microsoft Windows 2003 server using IAS (RADIUS). This is working fine.

What we want to do is "lock in" the user account to a particular group alias in the ASA SSL VPN login page. For example, our SSL VPN login page displays two options for "Group", "sales" and "tech". As it stands now, a user from sales can select either one of the groups displayed and still be authenticated. Is there any way to deny login credentials if a user does not select the correct GROUP from the pull-down? This would definitely help us make sure that users are selecting the correct GROUP from the pull-down.

Any information would be greatly appreciated.

Joe

Accepted Solutions

irisrios
Level 6

In order to put the user in the correct group, define RADIUS attribute 25 as ou=ASAGroupPolicyName. Then try the group-lock command to lock the users.

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/gh_72.html


Worked like a charm. Thx for the information. -Joe
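For reference, a sketch of the configuration the accepted answer describes, added here as an example and not taken from either poster's device. The server group name `IAS`, the policy names `SalesPolicy` and `TechPolicy`, the server address and the key are assumptions; `sales` and `tech` are the group aliases from the question.

```cisco
! Constructed example; names, address and key are placeholders.
aaa-server IAS protocol radius
aaa-server IAS (inside) host 192.0.2.10
 key <shared-secret>
!
! One group policy per user population. group-lock names the only
! tunnel group that users assigned this policy may connect through.
group-policy SalesPolicy internal
group-policy SalesPolicy attributes
 group-lock value sales
group-policy TechPolicy internal
group-policy TechPolicy attributes
 group-lock value tech
!
! Tunnel groups behind the "Group" pull-down on the login page.
tunnel-group sales type remote-access
tunnel-group sales general-attributes
 authentication-server-group IAS
tunnel-group sales webvpn-attributes
 group-alias sales enable
tunnel-group tech type remote-access
tunnel-group tech general-attributes
 authentication-server-group IAS
tunnel-group tech webvpn-attributes
 group-alias tech enable
!
! On the IAS side (not ASA configuration): the remote access policy that
! matches sales users returns RADIUS attribute 25 (Class) = ou=SalesPolicy,
! and the policy that matches tech users returns ou=TechPolicy.
```

With this in place the RADIUS reply selects the group policy, and a sales account that picks `tech` in the pull-down is refused because its policy is locked to `sales`. Test one account from each group against both aliases after the change.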
