Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Silver

SSL VPN Question

Hello,

I have setup SSL VPN on ASA. Users are authenticated using a Radius server

(Not Cisco ACS). I need to know how to assign certain users to one policy and other users to another policy. Currently all the user get the same Webpolicy but I would like to give some users more access through SSL vpn than other users.

Waiting for any feedback,

Regards,

4 REPLIES
Community Member

Re: SSL VPN Question

Hello,

I have not set it up using SSL before but I usually allow the rights using group policy and tunnel groups.

It looks like it should work for WebVPN/SSL though.

Andy.

Silver

Re: SSL VPN Question

Hello,

I have done the setup and it is working now. It requires adding an attribute on the Radius server to match the SSL policy name on the ASA.

Tested and working great...

Regards,

Community Member

Re: SSL VPN Question

Hello,

what for a attribute do you have add to the Radius ?

Thenks

Silver

Re: SSL VPN Question

Add CLASS attribute and for each policy enter OU=Management; for management policy and OU=Users; for users policy. Now when the user authenticate according to which policy matches his group the radius will the send the Group Name which will match one of the WebVPN group policy on the ASA.

Below you can find a full URL for SSL configuration:

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/vpn/webvpn.htm#wp1000003

The above contains the procedure and attribute to be added,

Appreciate your rating,

149
Views
0
Helpful
4
Replies
CreatePlease to create content