Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Clientless SSL VPN Groups

Greetings. I currently have an ASA5520 in place running 8.0(2) IOS. We have configured a clientless SSL VPN portal that we are currently using as a "test run". One issue that we are trying to resolve deals with using groups at the SSL VPN login page. Right now the ASA is set to authenicate usernames/passwords to a Microsoft Windows 2003 server using IAS (RADIUS). This is working fine.

What we want to do is "lock in" the user account to a particular group alias in the ASA SSL VPN login page. For example, our SSL VPN login page displays two options for "Group", "sales' and "tech". As it stands now, a user from sales can select either one of the groups displayed and still be authenicated. Is there anyway to deny login credentials if a user does not select the correct GROUP from the pull-down? This would definitely help us make sure that users are selecting the correct GROUP from the pull-down.

Any information would be greatly appreciated.

Joe

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Clientless SSL VPN Groups

In order to put the user in the correct group, define RADIUS attribute 25 as ou=ASAGroupPolicyName. then try the group lock command to lock the users.

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/gh_72.html

2 REPLIES
Silver

Re: Clientless SSL VPN Groups

In order to put the user in the correct group, define RADIUS attribute 25 as ou=ASAGroupPolicyName. then try the group lock command to lock the users.

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/gh_72.html

Community Member

Re: Clientless SSL VPN Groups

Worked like charm. Thx for the information. -Joe

131
Views
0
Helpful
2
Replies
CreatePlease to create content