Clientless SSL VPN - Different networks based on login credentials?

Answered Question
Jul 15th, 2010

Hi Guys,

I want to be able to display different cifs:// and unc paths based on the user that logs into the SSL portal.

Could somebody assist me in how this can be done? I couldn't find it documented somewhere...maybe I'm just going blind.

Any help is appreciated.

Many thanks.


Antonio Knox Sat, 07/17/2010 - 17:29

I'm not sure if you are using ACS for authentication, but I accomplished this by using the RADIUS feature in ACS. You can use it to assign a group policy based on username or on the group a user is in. Here's more: http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808cf897.shtml

Create your separate group policies with their own web customizations (different cifs://), then follow the instructions to map the users or user groups to the group policies.

marcosgeorgopoulos Sun, 07/18/2010 - 02:59

Hi,

At the moment I am just using local Auth.

I think I can assign a group policy to a user, can't I?

The issue I have is assigning the cifs:// to the particular group policy. That's the documentation I'm looking for.

cheers.

Correct Answer
Antonio Knox Sun, 07/18/2010 - 10:21

Oh, okay. That's not difficult. I don't have any documentation or anything, but assuming you have your separate groups already configured, here's what you have to do (in ASDM):

  1. Go to Configuration --> Device Management --> Users/AAA --> User Accounts
  2. Select the username you want to assign a group policy to
  3. Click 'Edit'
  4. In the popup window, click VPN Policy on the menu on the left
  5. Your first option on the right should be Group Policy
  6. Uncheck 'Inherit' and assign a Group Policy
  7. Click 'OK'
  8. Click 'Apply'

Repeat this for each username.  That ought to do it.  Let me know if this is what you are looking for.

Please rate helpful posts.
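
The CLI equivalent of the ASDM steps in the answer above, as an added example that is not part of the original post. The policy, bookmark-list and user names are constructed, and the bookmark lists are assumed to already exist on the ASA with each group's cifs:// entries.

```text
! Added example. SalesPolicy, EngPolicy, SalesBookmarks, EngBookmarks,
! alice and bob are constructed names.
! Assumes the two bookmark lists already exist on the ASA, each holding
! only the cifs:// entries that group should see.

! One group policy per audience, each tied to its own bookmark list
group-policy SalesPolicy internal
group-policy SalesPolicy attributes
 webvpn
  url-list value SalesBookmarks

group-policy EngPolicy internal
group-policy EngPolicy attributes
 webvpn
  url-list value EngBookmarks

! ASDM steps 1-8: stop the local user inheriting the default policy
! and pin the account to a specific group policy
username alice attributes
 vpn-group-policy SalesPolicy

username bob attributes
 vpn-group-policy EngPolicy
```

After a test login, `show vpn-sessiondb webvpn` lists the group policy each clientless session received, which confirms the user landed on the intended policy and not the default one.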

marcosgeorgopoulos Sun, 07/18/2010 - 18:28

Thanks Antonio,

That's exactly what I was after, it is a lot simpler than I thought it would be.

The next problem I have is that they are using LDAP to authenticate. I know I can map LDAP groups to group policies, but haven't seen if it's possible to map LDAP usernames to group policies. I'll post this question as a separate post.

Many thanks!
