cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
342
Views
5
Helpful
2
Replies

wevbpn restrict access

josephium
Level 1
Level 1

Hi,

i have ASA 7.2 with ACS 4.0, all authentication is done on the ACS, now if i enable webvpn, how can i restrict specific user from my network to access it, so that not anyone who has a user and pass on ACS can access it, what attribute should i use ?

thank you

2 Replies 2

Fernando_Meza
Level 7
Level 7

Hi .. you need to use IETF attribute 25 class. The below link will give you an idea of what you need to do. Basically you would need to use group-lock on the ASA. I have configured this before but don't have access to the devices right now. Have a look at the below link and let me know if you still can't work out how to do it.

I hope it helps .. please rate it if it does !!!

http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K01201325

thank you for your fast response, but by using this IETF attribute i can make sure that other users in ACS (the ones that i don't want to enable) will not be able to authenticate in the webvpn ? and shouldn't i use the Radius of vpn/asa instead of the IETF radius ?

thank you

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: