Greetings. I currently have an ASA5520 in place running 8.0(2) IOS. We have configured a clientless SSL VPN portal that we are currently using as a "test run". One issue that we are trying to resolve deals with using groups at the SSL VPN login page. Right now the ASA is set to authenicate usernames/passwords to a Microsoft Windows 2003 server using IAS (RADIUS). This is working fine.
What we want to do is "lock in" the user account to a particular group alias in the ASA SSL VPN login page. For example, our SSL VPN login page displays two options for "Group", "sales' and "tech". As it stands now, a user from sales can select either one of the groups displayed and still be authenicated. Is there anyway to deny login credentials if a user does not select the correct GROUP from the pull-down? This would definitely help us make sure that users are selecting the correct GROUP from the pull-down.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...