Clientless SSL VPN - Can I restrict what users can access?

Nov 2nd, 2008
I have just started to play around with Clientless SSL VPN on my ASA 5520. I have installed the VNC and RDP plugins, but I can't see a way to lock down user access so that if "User A" logs in he gets different access to "User B". At the moment, if any user logs in (including a non-admin), they can see all the bookmarks etc. and each get the same access.

I have an external company I only need to access one website to.

I hope you can shed some light.

bwilmoth Fri, 11/07/2008 - 07:34

To lock down user access you can use the command “group-lock {value tunnel-grp-name | none}” in group-policy configuration mode. It is used to specify whether to restrict remote users to access only through the connection profile. Group-lock restricts users by checking if the group configured in the VPN client is the same as the connection profile to which the user is assigned. If it is not, the security appliance prevents the user from connecting. If you do not configure group-lock, the security appliance authenticates users without regard to the assigned group. Group locking is disabled by default.
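
As an added example (not part of the reply above and not Cisco tooling): a small Python check over a saved running-config that reports, per group policy, whether group-lock is set and whether the connection profile it names exists. The config text and every policy and profile name are constructed, and connection profiles are assumed to appear as `tunnel-group <name> type ...` lines.

```python
import re

# Constructed sample of ASA running-config lines (all names are made up).
SAMPLE_CONFIG = """\
tunnel-group STAFF-TG type remote-access
tunnel-group PARTNER-TG type remote-access
group-policy STAFF-GP internal
group-policy STAFF-GP attributes
 vpn-tunnel-protocol webvpn
group-policy PARTNER-GP attributes
 group-lock value PARTNER-TG
group-policy KIOSK-GP attributes
 group-lock none
group-policy OLD-GP attributes
 group-lock value RETIRED-TG
"""

def audit_group_lock(config_text):
    """Return {policy: finding} for every group-policy in the config."""
    profiles = set(re.findall(r"^tunnel-group (\S+) type ", config_text, re.M))
    locks = {}          # policy name -> locked profile, "none", or None if unset
    current = None
    for line in config_text.splitlines():
        m = re.match(r"group-policy (\S+) (?:attributes|internal|external)", line)
        if m:
            current = m.group(1)
            locks.setdefault(current, None)
            continue
        if not line.startswith(" "):
            current = None      # left group-policy sub-mode
            continue
        m = re.match(r"\s+group-lock (?:value (\S+)|(none))\s*$", line)
        if m and current:
            locks[current] = m.group(1) or "none"
    findings = {}
    for policy, lock in locks.items():
        if lock is None:
            findings[policy] = "group-lock not set in this policy"
        elif lock == "none":
            findings[policy] = "group-lock explicitly disabled"
        elif lock not in profiles:
            findings[policy] = f"locked to undefined connection profile {lock}"
        else:
            findings[policy] = f"locked to {lock}"
    return findings

if __name__ == "__main__":
    for policy, finding in audit_group_lock(SAMPLE_CONFIG).items():
        print(f"{policy}: {finding}")
```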