01-12-2007 09:01 AM - edited 03-11-2019 02:18 AM
Hello,
I have setup SSL VPN on ASA. Users are authenticated using a Radius server
(Not Cisco ACS). I need to know how to assign certain users to one policy and other users to another policy. Currently all the user get the same Webpolicy but I would like to give some users more access through SSL vpn than other users.
Waiting for any feedback,
Regards,
01-12-2007 09:19 AM
Hello,
I have not set it up using SSL before but I usually allow the rights using group policy and tunnel groups.
It looks like it should work for WebVPN/SSL though.
Andy.
01-12-2007 10:37 AM
Hello,
I have done the setup and it is working now. It requires adding an attribute on the Radius server to match the SSL policy name on the ASA.
Tested and working great...
Regards,
06-27-2007 01:04 PM
Hello,
what for a attribute do you have add to the Radius ?
Thenks
06-27-2007 01:53 PM
Add CLASS attribute and for each policy enter OU=Management; for management policy and OU=Users; for users policy. Now when the user authenticate according to which policy matches his group the radius will the send the Group Name which will match one of the WebVPN group policy on the ASA.
Below you can find a full URL for SSL configuration:
The above contains the procedure and attribute to be added,
Appreciate your rating,
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: