SSL VPN Profile question

Answered Question
Jun 6th, 2008

I've done some looking and haven't been able to find an answer to this. Is there a way to direct a user to a specific SSL VPN profile based on the URL they enter to get to the SSL VPN page?

I have this problem too.
0 votes
Correct Answer by Farrukh Haroon about 8 years 5 months ago

For ASA have a look at the following:

If you want users to see a drop-down to choose from:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml

Or else have a look at the group-url command:

http://cisco.com/en/US/docs/security/asa/asa80/command/reference/gh.html#wp1731227

But this might not support the /sales /marketing functionality, you need to have different URLs I think

webvpn-sales.com

webvpn-marketing.com

Regards

Farrukh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Farrukh Haroon Fri, 06/06/2008 - 07:02

For ASA have a look at the following:

If you want users to see a drop-down to choose from:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml

Or else have a look at the group-url command:

http://cisco.com/en/US/docs/security/asa/asa80/command/reference/gh.html#wp1731227

But this might not support the /sales /marketing functionality, you need to have different URLs I think

webvpn-sales.com

webvpn-marketing.com

Regards

Farrukh

FREDERIC FABRE Wed, 06/11/2008 - 02:01

Hi,

I'm working on ASA8.0.3 with ADM6.0.

I've a question:

Is-there a method which permit to assign to a user a specific profile (according to his group in AD) without entring a specific URL (ex:https://ASA_IPaddress/sales) or choosing a group from the drop down list in the logon page ?

Thanking you in advance

Farrukh Haroon Fri, 06/06/2008 - 07:03

Are you talking about the ASA/VPNC or the IOS here?

In IOS you use the following"

webvpn gateway ABCD

webvpn context context1

....

policy group vpn1

default-group-policy vpn1

gateway ABCD domain sales

inservice

...

webvpn context context2

....

policy group vpn2

default-group-policy vpn2

gateway ABCD domain marketing

inservice

This is just a snippet, for your reference. You could also use multiple policy groups and use Radius to assign them to users, have a look at:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd8051ac3a.html

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd8051ac50.html

Regards

Farrukh

ctalsness Fri, 06/06/2008 - 07:19

Sorry didn't realize I didn't specify, I'm working with an ASA. I think your first response answers my question.

Thanks,

Christian

mondakota Wed, 09/09/2009 - 09:34

Hi:

Could i configure different contexts for different users. Avoiding that users could authenticate in the wrong context or allowing automatic redirect for users to the right context ? Also without an authentication server ?

Thanks.

mondakota Thu, 09/10/2009 - 07:09

Hi: The hole thread have been very very helpful. I trying to test many ssl vpn features in IOS Router and ASA, using all the previous post.

Thank you very much. I already good rated. :)

Actually im not sure what is purporse of context or if i am missing all of its power because of i dont use a radius server to take advantage of all the attributes set, even for asa or ios.

Best Regards

Actions

This Discussion