How to recreate similar access control in WebVPN

Oct 1st, 2009

So with the IPsec client, it was easy to distribute PCF files to folks based on what you wanted to access... different group name, different ACLs, different PCF. So in order to use that vpngroup's access, you had to have the PCF.

However, with WebVPN, this is not the case. Any user can pick any groupname in the drop-down window, which means there's no longer a simple way to control who can use what group.

Anyone have any thoughts/suggestions on how to overcome this issue with the WebVPN?

maltuna Thu, 10/01/2009 - 09:42

So I found two examples of using Secure ACS and using LDAP to assign a policy at logon... but we have neither in our environment (we use Microsoft AD, with IAS server's version of RADIUS)... hmm...

auraza Thu, 10/08/2009 - 14:24
Cisco Employee

You can use IAS to do the same thing. You can have it return the Class attribute with the name of the group-policy - remember, it maps to the group-policy, not the tunnel-group, so you want to put the name of the group-policy you want to map that user to.

This setting should be available under the RAS policy for the specific group.

PS. If this post was helpful, please rate it.
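Added example, not part of the thread and not configuration from either poster: a sketch of the ASA side of the Class-to-group-policy mapping described in the reply above. All names, the server address and the key are placeholders, the `OU=<name>;` value format is the one documented for 8.x-era ASA releases (check it against your release), and the deny-by-default fallback policy is an assumption added here so that a user whose IAS policy returns no Class gets no access regardless of which group was picked in the drop-down.

```text
! Constructed example: server address, key and all names are placeholders.
aaa-server IAS-RADIUS protocol radius
aaa-server IAS-RADIUS (inside) host 192.0.2.10
 key <shared-secret>
!
! One group-policy per access role. IAS selects it by returning its name
! in the RADIUS Class attribute (25), e.g.  OU=ENGINEERING;
group-policy ENGINEERING internal
group-policy ENGINEERING attributes
 ! role-specific ACLs and other settings go here
!
! Fallback (assumption of this example): no Class returned means no session.
group-policy NO-ACCESS internal
group-policy NO-ACCESS attributes
 vpn-simultaneous-logins 0
!
! The tunnel-group the user picks only decides where authentication is sent
! and which policy applies when RADIUS returns none.
tunnel-group WEBVPN-USERS type remote-access
tunnel-group WEBVPN-USERS general-attributes
 authentication-server-group IAS-RADIUS
 default-group-policy NO-ACCESS
!
! IAS side, per the reply above: in the remote access policy that matches
! the AD group, add the Class attribute to the profile with the value
!   OU=ENGINEERING;
```

With this layout the group name chosen at login no longer grants anything by itself; the access a user receives follows from AD group membership as evaluated by IAS.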

