Re: SSL VPN Question

m-haddad · ‎01-12-2007

Hello,

I have setup SSL VPN on ASA. Users are authenticated using a Radius server

(Not Cisco ACS). I need to know how to assign certain users to one policy and other users to another policy. Currently all the user get the same Webpolicy but I would like to give some users more access through SSL vpn than other users.

Waiting for any feedback,

Regards,

andyjames · ‎01-12-2007

Hello,

I have not set it up using SSL before but I usually allow the rights using group policy and tunnel groups.

It looks like it should work for WebVPN/SSL though.

Andy.

m-haddad · ‎01-12-2007

Hello,

I have done the setup and it is working now. It requires adding an attribute on the Radius server to match the SSL policy name on the ASA.

Tested and working great...

Regards,

m.trautes · ‎06-27-2007

Hello,

what for a attribute do you have add to the Radius ?

Thenks

m-haddad · ‎06-27-2007

Add CLASS attribute and for each policy enter OU=Management; for management policy and OU=Users; for users policy. Now when the user authenticate according to which policy matches his group the radius will the send the Group Name which will match one of the WebVPN group policy on the ASA.

Below you can find a full URL for SSL configuration:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/vpn/webvpn.htm#wp1000003

The above contains the procedure and attribute to be added,

Appreciate your rating,