i have ASA 7.2 with ACS 4.0, all authentication is done on the ACS, now if i enable webvpn, how can i restrict specific user from my network to access it, so that not anyone who has a user and pass on ACS can access it, what attribute should i use ?
Hi .. you need to use IETF attribute 25 class. The below link will give you an idea of what you need to do. Basically you would need to use group-lock on the ASA. I have configured this before but don't have access to the devices right now. Have a look at the below link and let me know if you still can't work out how to do it.
thank you for your fast response, but by using this IETF attribute i can make sure that other users in ACS (the ones that i don't want to enable) will not be able to authenticate in the webvpn ? and shouldn't i use the Radius of vpn/asa instead of the IETF radius ?
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...