06-06-2008 05:46 AM
I've done some looking and haven't been able to find an answer to this. Is there a way to direct a user to a specific SSL VPN profile based on the URL they enter to get to the SSL VPN page?
Solved! Go to Solution.
06-06-2008 07:02 AM
For ASA have a look at the following:
If you want users to see a drop-down to choose from:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml
Or else have a look at the group-url command:
http://cisco.com/en/US/docs/security/asa/asa80/command/reference/gh.html#wp1731227
But this might not support the /sales /marketing functionality, you need to have different URLs I think
webvpn-sales.com
webvpn-marketing.com
Regards
Farrukh
06-06-2008 07:02 AM
For ASA have a look at the following:
If you want users to see a drop-down to choose from:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml
Or else have a look at the group-url command:
http://cisco.com/en/US/docs/security/asa/asa80/command/reference/gh.html#wp1731227
But this might not support the /sales /marketing functionality, you need to have different URLs I think
webvpn-sales.com
webvpn-marketing.com
Regards
Farrukh
06-11-2008 02:01 AM
Hi,
I'm working on ASA8.0.3 with ADM6.0.
I've a question:
Is-there a method which permit to assign to a user a specific profile (according to his group in AD) without entring a specific URL (ex:https://ASA_IPaddress/sales) or choosing a group from the drop down list in the logon page ?
Thanking you in advance
06-06-2008 07:03 AM
Are you talking about the ASA/VPNC or the IOS here?
In IOS you use the following"
webvpn gateway ABCD
webvpn context context1
....
policy group vpn1
default-group-policy vpn1
gateway ABCD domain sales
inservice
...
webvpn context context2
....
policy group vpn2
default-group-policy vpn2
gateway ABCD domain marketing
inservice
This is just a snippet, for your reference. You could also use multiple policy groups and use Radius to assign them to users, have a look at:
Regards
Farrukh
06-06-2008 07:19 AM
Sorry didn't realize I didn't specify, I'm working with an ASA. I think your first response answers my question.
Thanks,
Christian
09-09-2009 09:34 AM
Hi:
Could i configure different contexts for different users. Avoiding that users could authenticate in the wrong context or allowing automatic redirect for users to the right context ? Also without an authentication server ?
Thanks.
09-09-2009 11:34 AM
VPNs are not supported in multiple context mode on the ASA.
Regards
Farrrukh
09-09-2009 12:42 PM
Thanks Farrukh and what about IOS Routers ?
Regards
09-10-2009 06:52 AM
SSL VPNs are supported on IOS, but the feature-set is limited as compared to ASA.
Have a look at this link:
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htwebvpn.html
Please rate if helpful.
Regards
Farrukh
09-10-2009 07:09 AM
Hi: The hole thread have been very very helpful. I trying to test many ssl vpn features in IOS Router and ASA, using all the previous post.
Thank you very much. I already good rated. :)
Actually im not sure what is purporse of context or if i am missing all of its power because of i dont use a radius server to take advantage of all the attributes set, even for asa or ios.
Best Regards
09-13-2009 01:04 AM
Please have a look at this whitepaper:
Please rate if helpful
Regards
Farrukh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: