SSL VPN Profile question

Answered Question
Jun 6th, 2008
User Badges:

I've done some looking and haven't been able to find an answer to this. Is there a way to direct a user to a specific SSL VPN profile based on the URL they enter to get to the SSL VPN page?

Correct Answer by Farrukh Haroon about 9 years 3 weeks ago

For ASA have a look at the following:


If you want users to see a drop-down to choose from:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml


Or else have a look at the group-url command:

http://cisco.com/en/US/docs/security/asa/asa80/command/reference/gh.html#wp1731227


But this might not support the /sales /marketing functionality, you need to have different URLs I think


webvpn-sales.com

webvpn-marketing.com


Regards


Farrukh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Farrukh Haroon Fri, 06/06/2008 - 07:02
User Badges:
  • Red, 2250 points or more

For ASA have a look at the following:


If you want users to see a drop-down to choose from:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml


Or else have a look at the group-url command:

http://cisco.com/en/US/docs/security/asa/asa80/command/reference/gh.html#wp1731227


But this might not support the /sales /marketing functionality, you need to have different URLs I think


webvpn-sales.com

webvpn-marketing.com


Regards


Farrukh

FREDERIC FABRE Wed, 06/11/2008 - 02:01
User Badges:

Hi,


I'm working on ASA8.0.3 with ADM6.0.

I've a question:

Is-there a method which permit to assign to a user a specific profile (according to his group in AD) without entring a specific URL (ex:https://ASA_IPaddress/sales) or choosing a group from the drop down list in the logon page ?


Thanking you in advance

Farrukh Haroon Fri, 06/06/2008 - 07:03
User Badges:
  • Red, 2250 points or more

Are you talking about the ASA/VPNC or the IOS here?


In IOS you use the following"


webvpn gateway ABCD


webvpn context context1

....

policy group vpn1

default-group-policy vpn1

gateway ABCD domain sales

inservice

...


webvpn context context2

....

policy group vpn2

default-group-policy vpn2

gateway ABCD domain marketing

inservice


This is just a snippet, for your reference. You could also use multiple policy groups and use Radius to assign them to users, have a look at:


http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd8051ac3a.html


http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd8051ac50.html


Regards


Farrukh





ctalsness Fri, 06/06/2008 - 07:19
User Badges:

Sorry didn't realize I didn't specify, I'm working with an ASA. I think your first response answers my question.


Thanks,

Christian

mondakota Wed, 09/09/2009 - 09:34
User Badges:

Hi:

Could i configure different contexts for different users. Avoiding that users could authenticate in the wrong context or allowing automatic redirect for users to the right context ? Also without an authentication server ?


Thanks.



Farrukh Haroon Wed, 09/09/2009 - 11:34
User Badges:
  • Red, 2250 points or more

VPNs are not supported in multiple context mode on the ASA.


Regards


Farrrukh

mondakota Wed, 09/09/2009 - 12:42
User Badges:

Thanks Farrukh and what about IOS Routers ?


Regards

mondakota Thu, 09/10/2009 - 07:09
User Badges:

Hi: The hole thread have been very very helpful. I trying to test many ssl vpn features in IOS Router and ASA, using all the previous post.


Thank you very much. I already good rated. :)


Actually im not sure what is purporse of context or if i am missing all of its power because of i dont use a radius server to take advantage of all the attributes set, even for asa or ios.


Best Regards

Actions

This Discussion