Solved: SSL VPN Profile question

ctalsness · ‎06-06-2008

I've done some looking and haven't been able to find an answer to this. Is there a way to direct a user to a specific SSL VPN profile based on the URL they enter to get to the SSL VPN page?

Farrukh Haroon · ‎06-06-2008

For ASA have a look at the following:

If you want users to see a drop-down to choose from:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml

Or else have a look at the group-url command:

http://cisco.com/en/US/docs/security/asa/asa80/command/reference/gh.html#wp1731227

But this might not support the /sales /marketing functionality, you need to have different URLs I think

webvpn-sales.com

webvpn-marketing.com

Regards

Farrukh

View solution in original post

Farrukh Haroon · ‎06-06-2008

For ASA have a look at the following:

If you want users to see a drop-down to choose from:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml

Or else have a look at the group-url command:

http://cisco.com/en/US/docs/security/asa/asa80/command/reference/gh.html#wp1731227

But this might not support the /sales /marketing functionality, you need to have different URLs I think

webvpn-sales.com

webvpn-marketing.com

Regards

Farrukh

FREDERIC FABRE · ‎06-11-2008

Hi,

I'm working on ASA8.0.3 with ADM6.0.

I've a question:

Is-there a method which permit to assign to a user a specific profile (according to his group in AD) without entring a specific URL (ex:https://ASA_IPaddress/sales) or choosing a group from the drop down list in the logon page ?

Thanking you in advance

Farrukh Haroon · ‎06-06-2008

Are you talking about the ASA/VPNC or the IOS here?

In IOS you use the following"

webvpn gateway ABCD

webvpn context context1

....

policy group vpn1

default-group-policy vpn1

gateway ABCD domain sales

inservice

...

webvpn context context2

....

policy group vpn2

default-group-policy vpn2

gateway ABCD domain marketing

inservice

This is just a snippet, for your reference. You could also use multiple policy groups and use Radius to assign them to users, have a look at:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd8051ac3a.html

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd8051ac50.html

Regards

Farrukh

ctalsness · ‎06-06-2008

Sorry didn't realize I didn't specify, I'm working with an ASA. I think your first response answers my question.

Thanks,

Christian

mondakota · ‎09-09-2009

Hi:

Could i configure different contexts for different users. Avoiding that users could authenticate in the wrong context or allowing automatic redirect for users to the right context ? Also without an authentication server ?

Thanks.

Farrukh Haroon · ‎09-09-2009

VPNs are not supported in multiple context mode on the ASA.

Regards

Farrrukh

mondakota · ‎09-09-2009

Thanks Farrukh and what about IOS Routers ?

Regards

Farrukh Haroon · ‎09-10-2009

SSL VPNs are supported on IOS, but the feature-set is limited as compared to ASA.

Have a look at this link:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htwebvpn.html

Please rate if helpful.

Regards

Farrukh

mondakota · ‎09-10-2009

Hi: The hole thread have been very very helpful. I trying to test many ssl vpn features in IOS Router and ASA, using all the previous post.

Thank you very much. I already good rated. :)

Actually im not sure what is purporse of context or if i am missing all of its power because of i dont use a radius server to take advantage of all the attributes set, even for asa or ios.

Best Regards

Farrukh Haroon · ‎09-13-2009

Please have a look at this whitepaper:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd8051ac50.html

Please rate if helpful

Regards

Farrukh