webvpn selective user

Unanswered Question
Apr 24th, 2008


I have configured WebVPN as well as IPsec client VPN on an ASA 5510 7.2(3). I want WebVPN to be enabled only for selected IDs; at present, all IPsec client VPN users are also able to log in to WebVPN.


htarra Wed, 04/30/2008 - 11:57

I'm able to do it using 5510, MS 2003 AD as LDAP, and MS 2003 IAS as RADIUS.

- Create users and assign them to their group in AD

- Create a policy per user group, i.e. destination IP address and ports.

Users log in by just knowing their username and password. Their usergroup is transparent to them; there is no drop-down list for the user to select their group.

The downside of this is that you cannot assign a different IP pool per usergroup. If you want a different IP pool per usergroup, they will see the drop-down list and they have to select their usergroup from the list. If they select the wrong usergroup, they will not be able to log in. If you have too many usergroups, it will not be pretty to see them all in the drop-down list.


