Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

cisco VPN Client - Banner

Hi all

I need a help with Cisco VPN Client, customer is asking configure a message (banner) to user that is not allowed access to VPN.

My customer use the auth from LDAP, just tried include a banner to Group-Policy but it will not work once the vpn-simultaneous-logins 0, below is my sample config:

ASA 8.2

VPN Client

=================================================

ldap attribute-map AccessRestrict

   map-name  msNPAllowDialin cVPN3000-IETF-Radius-Class

   map-value msNPAllowDialin TRUE AllowVPN

   map-value msNPAllowDialin FALSE NoVPN

group-policy AllowVPN internal

group-policy AllowVPN attributes

banner value *** Welcome to My Virtual Private Network ***

  dns-server value 172.16.0.10

vpn-tunnel-protocol IPSec l2tp-ipsec webvpn

default-domain value myvpn.com

group-policy NoVPN internal

group-policy NoVPN attributes

  vpn-simultaneous-logins 0

=================================================

There any way to show to users that aren't permited access to VPN a message to contact the administrator?

Any sugestion will be helpful

Cheers
Bruno Rangel

"Se você quiser alguém em quem confiar, confie em si mesmo. Quem acredita sempre alcança"
Renato Russo       

Cheers Bruno Rangel Please remember to rate helpful responses using the stars bellow and identify helpful or correct answers .
2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

cisco VPN Client - Banner

I guess banner actually appear when a group-policy is applied with a message once user is successfully authenticates.

This is

Disconnect            Continue

See here:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml#vlogin

Since in case of NoVpn group-policy, user never reach to that point so it didn't show up banner.

This is what I guess, someone may have a better answer.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
Hall of Fame Super Silver

Re: cisco VPN Client - Banner

I believe Jatin is correct. With the legacy IPSec VPN client you cannot send a banner to non-authenticated clients.

If you were to migrate to SSL VPN and use AnyConnect, you could customize your portal to display a page of your own creation (text, images etc.). Detailed instructions for that are here.

5 REPLIES
Cisco Employee

cisco VPN Client - Banner

I guess banner actually appear when a group-policy is applied with a message once user is successfully authenticates.

This is

Disconnect            Continue

See here:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml#vlogin

Since in case of NoVpn group-policy, user never reach to that point so it didn't show up banner.

This is what I guess, someone may have a better answer.

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
Hall of Fame Super Silver

Re: cisco VPN Client - Banner

I believe Jatin is correct. With the legacy IPSec VPN client you cannot send a banner to non-authenticated clients.

If you were to migrate to SSL VPN and use AnyConnect, you could customize your portal to display a page of your own creation (text, images etc.). Detailed instructions for that are here.

Re: cisco VPN Client - Banner

Hey Guys

Thanks for the help!!! +5 for both

Cheers
Bruno Rangel

Cheers Bruno Rangel Please remember to rate helpful responses using the stars bellow and identify helpful or correct answers .

Re:cisco VPN Client - Banner

Hi
Just to keep you guys in touch... I did a workaround on it. And is working like a charm!
Basically configured an ACL do deny all traffic and timeout on the section :-)

group-policy NoVPN attributes
vpn-simultaneous-logins 1
banner value ***You aren't permitted to access this system ***
vpn-filter novpnaccess
vpn-session-timeout 1

access-list novpnaccess extended deny ip any any

I hope this help someone else.




Sent from Cisco Technical Support Android App

Cheers Bruno Rangel Please remember to rate helpful responses using the stars bellow and identify helpful or correct answers .
Hall of Fame Super Silver

Re:cisco VPN Client - Banner

That's innovative. I'll put that one in my toolbox.

+5 for following up with the solution.

1696
Views
19
Helpful
5
Replies
CreatePlease to create content