I have a 3015 VPN Concentrator. On that concentrator I have several IPSec groups but also have users that use the SSL Client. Can the users that come in using the SSL client be put into a group so I can authenticate them internally to the concentrator?
Thanks for your reply. I actually tried doing that, but it didn't work. I created a group and only had WebVPN enabled (disabled IPSec, etc.). Then I created a user that had that group. I thought that would work, but everytime I tried to log on via SSL client, the authentication failed. I looked in the log and it was trying to authenticate to the Active Directory, which of course wouldn't work.
I didn't do anything under the IPSec tab where you specify the authentication method because it seemed to me that I wouldn't be using IPSec so that setting would be irrelevant.
You are not doing anything wrong except trying to get around the default behaviour.
WebVPN authentication requests don't fall back to the second entry in the authentication server list configured in the global mode. Whatever is the first entry, the concentrator tries to authenticate the user accordingly. It seems that you have AD on the top in the list.
You are correct, I do have internal last in my authentication list. But I don't really know what to do about that because most of the users that come in I want to authenticate against a Radius server or the AD. If I moved internal to the top of my authentication list wouldn't that screw up the authentication for all my AD users? They wouldn't have entries internally to the concentrator and since it was first in the list wouldn't it try to authenticate internally and thereby fail?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...