Cisco VPN Client - Banner

Bruno Rangel
Spotlight

Hi all

I need help with the Cisco VPN Client. The customer is asking to configure a message (banner) for users who are not allowed access to the VPN.

My customer uses LDAP authentication. I just tried to include a banner in the group-policy, but it will not work once vpn-simultaneous-logins is 0. Below is my sample config:

ASA 8.2

VPN Client

=================================================
ldap attribute-map AccessRestrict
  map-name msNPAllowDialin cVPN3000-IETF-Radius-Class
  map-value msNPAllowDialin TRUE AllowVPN
  map-value msNPAllowDialin FALSE NoVPN
group-policy AllowVPN internal
group-policy AllowVPN attributes
  banner value *** Welcome to My Virtual Private Network ***
  dns-server value 172.16.0.10
  vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
  default-domain value myvpn.com
group-policy NoVPN internal
group-policy NoVPN attributes
  vpn-simultaneous-logins 0
=================================================

Is there any way to show users who aren't permitted to access the VPN a message to contact the administrator?

Any suggestion will be helpful.

Cheers
Bruno Rangel

"If you want someone to trust, trust yourself. Those who believe always achieve"
Renato Russo

Accepted Solutions

Jatin Katyal
Cisco Employee

I guess the banner actually appears when a group-policy with a message is applied, once the user has successfully authenticated.

This is

Disconnect            Continue

See here:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml#vlogin

Since, in the case of the NoVPN group-policy, the user never reaches that point, it didn't show the banner.

This is what I guess; someone may have a better answer.

~BR
Jatin Katyal


I believe Jatin is correct. With the legacy IPSec VPN client you cannot send a banner to non-authenticated clients.

If you were to migrate to SSL VPN and use AnyConnect, you could customize your portal to display a page of your own creation (text, images etc.). Detailed instructions for that are here.

Hey Guys

Thanks for the help!!! +5 for both

Cheers
Bruno Rangel


Bruno Rangel
Spotlight

Hi
Just to keep you guys in the loop... I did a workaround for it, and it is working like a charm!
Basically, I configured an ACL to deny all traffic and a timeout on the session :-)

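! Let the restricted user log in so the banner is displayed
group-policy NoVPN attributes
  vpn-simultaneous-logins 1
  banner value ***You aren't permitted to access this system ***
  vpn-filter value novpnaccess
  vpn-session-timeout 1

! Filter applied to the tunnel: drop all IP traffic
access-list novpnaccess extended deny ip any any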

I hope this helps someone else.

Cheers
Bruno Rangel
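An added example, not part of the original posts: with the workaround above the restricted user authenticates and gets a tunnel (vpn-simultaneous-logins 1), so the block now rests on the vpn-filter ACL and the session timeout. This Python check audits a config for exactly that; the function names and the sample config are constructed for illustration, and it parses only the commands shown in this thread.

```python
import re

# Constructed sample modelled on the thread's workaround (not a real device config).
SAMPLE = """\
group-policy NoVPN internal
group-policy NoVPN attributes
 vpn-simultaneous-logins 1
 banner value ***You aren't permitted to access this system ***
 vpn-filter value novpnaccess
 vpn-session-timeout 1
access-list novpnaccess extended deny ip any any
"""

def parse(config):
    """Return ({policy: {keyword: argument}}, {acl_name: [ace, ...]})."""
    policies, acls, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines do not end a sub-command block
        m = re.match(r"group-policy (\S+) attributes$", line)
        if m:
            current = policies.setdefault(m.group(1), {})
        elif raw[0].isspace() and current is not None:
            key, _, arg = line.partition(" ")
            current[key] = arg
        else:
            current = None
            m = re.match(r"access-list (\S+) extended (.+)$", line)
            if m:
                acls.setdefault(m.group(1), []).append(m.group(2))
    return policies, acls

def audit_deny_policy(config, name):
    """Return reasons why group-policy `name` fails to block its users."""
    policies, acls = parse(config)
    attrs = policies.get(name)
    if attrs is None:
        return [f"group-policy {name} has no attributes block"]
    if attrs.get("vpn-simultaneous-logins") == "0":
        return []  # login is refused outright; no tunnel is built
    findings = []
    acl = attrs.get("vpn-filter", "").partition("value ")[2]
    if acls.get(acl, [None])[0] != "deny ip any any":
        findings.append("vpn-filter ACL does not start with 'deny ip any any'")
    if attrs.get("vpn-session-timeout", "none") == "none":
        findings.append("no vpn-session-timeout, so the tunnel stays up")
    return findings
```

An empty list from `audit_deny_policy(SAMPLE, "NoVPN")` means the policy either refuses the login or confines the session the way the workaround intends.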

That's innovative. I'll put that one in my toolbox.

+5 for following up with the solution.
