Clientless SSL VPN - Can I restrict what users can access?

Unanswered Question
Nov 2nd, 2008


I have just started to play around with Clientless SSL VPN on my ASA 5520. I have installed the VNC and RDP plugins, but I can't see a way to lock down user access so that if "User A" logs in he gets different access to "User B". At the moment, if any user logs in (including a non-admin), they can see all the bookmarks etc. and each gets the same access.

I have an external company I only need to access one website to.

I hope you can shed some light.


bwilmoth Fri, 11/07/2008 - 07:34

To lock down the user access you can use the command called “group-lock {value tunnel-grp-name | none}” in group-policy configuration mode. It is used to specify whether to restrict remote users to access only through the connection profile. Group-lock restricts users by checking if the group configured in the VPN client is the same as the connection profile to which the user is assigned. If it is not, the security appliance prevents the user from connecting. If you do not configure group-lock, the security appliance authenticates users without regard to the assigned group. Group locking is disabled by default.
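
The group-lock behaviour described in the reply above, as an added configuration sketch that is not part of the original post. All profile, policy and user names are constructed placeholders, and the local users are assumed to exist already.

```cisco
! Constructed example: PARTNER-*/STAFF-* names and the two usernames are placeholders.
! One group policy per class of user, each locked to its own connection profile.
group-policy PARTNER-POLICY internal
group-policy PARTNER-POLICY attributes
 group-lock value PARTNER-PROFILE
!
group-policy STAFF-POLICY internal
group-policy STAFF-POLICY attributes
 group-lock value STAFF-PROFILE
!
! Connection profiles (tunnel groups) that the group-lock values refer to.
tunnel-group PARTNER-PROFILE type remote-access
tunnel-group PARTNER-PROFILE general-attributes
 default-group-policy PARTNER-POLICY
!
tunnel-group STAFF-PROFILE type remote-access
tunnel-group STAFF-PROFILE general-attributes
 default-group-policy STAFF-POLICY
!
! Bind each existing local user to a policy. With group-lock set, a login by
! partner1 through STAFF-PROFILE is refused, because that user's policy only
! permits PARTNER-PROFILE.
username partner1 attributes
 vpn-group-policy PARTNER-POLICY
username staff1 attributes
 vpn-group-policy STAFF-POLICY
!
! Check the result with: show running-config group-policy
```

Without the group-lock lines, both users would authenticate through either profile, which is the default the reply describes.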

