cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
991
Views
5
Helpful
10
Replies

SSL VPN Profile question

ctalsness
Level 1
Level 1

I've done some looking and haven't been able to find an answer to this. Is there a way to direct a user to a specific SSL VPN profile based on the URL they enter to get to the SSL VPN page?

1 Accepted Solution

Accepted Solutions

Farrukh Haroon
VIP Alumni
VIP Alumni

For ASA have a look at the following:

If you want users to see a drop-down to choose from:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml

Or else have a look at the group-url command:

http://cisco.com/en/US/docs/security/asa/asa80/command/reference/gh.html#wp1731227

But this might not support the /sales /marketing functionality, you need to have different URLs I think

webvpn-sales.com

webvpn-marketing.com

Regards

Farrukh

View solution in original post

10 Replies 10

Farrukh Haroon
VIP Alumni
VIP Alumni

For ASA have a look at the following:

If you want users to see a drop-down to choose from:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml

Or else have a look at the group-url command:

http://cisco.com/en/US/docs/security/asa/asa80/command/reference/gh.html#wp1731227

But this might not support the /sales /marketing functionality, you need to have different URLs I think

webvpn-sales.com

webvpn-marketing.com

Regards

Farrukh

Hi,

I'm working on ASA8.0.3 with ADM6.0.

I've a question:

Is-there a method which permit to assign to a user a specific profile (according to his group in AD) without entring a specific URL (ex:https://ASA_IPaddress/sales) or choosing a group from the drop down list in the logon page ?

Thanking you in advance

Farrukh Haroon
VIP Alumni
VIP Alumni

Are you talking about the ASA/VPNC or the IOS here?

In IOS you use the following"

webvpn gateway ABCD

webvpn context context1

....

policy group vpn1

default-group-policy vpn1

gateway ABCD domain sales

inservice

...

webvpn context context2

....

policy group vpn2

default-group-policy vpn2

gateway ABCD domain marketing

inservice

This is just a snippet, for your reference. You could also use multiple policy groups and use Radius to assign them to users, have a look at:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd8051ac3a.html

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd8051ac50.html

Regards

Farrukh

Sorry didn't realize I didn't specify, I'm working with an ASA. I think your first response answers my question.

Thanks,

Christian

Hi:

Could i configure different contexts for different users. Avoiding that users could authenticate in the wrong context or allowing automatic redirect for users to the right context ? Also without an authentication server ?

Thanks.

VPNs are not supported in multiple context mode on the ASA.

Regards

Farrrukh

Thanks Farrukh and what about IOS Routers ?

Regards

SSL VPNs are supported on IOS, but the feature-set is limited as compared to ASA.

Have a look at this link:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htwebvpn.html

Please rate if helpful.

Regards

Farrukh

Hi: The hole thread have been very very helpful. I trying to test many ssl vpn features in IOS Router and ASA, using all the previous post.

Thank you very much. I already good rated. :)

Actually im not sure what is purporse of context or if i am missing all of its power because of i dont use a radius server to take advantage of all the attributes set, even for asa or ios.

Best Regards

Please have a look at this whitepaper:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd8051ac50.html

Please rate if helpful

Regards

Farrukh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: