Clientless SSL VPN - Different networks based on login credentials?

Hi Guys,

I want to be able to display different cifs:// and UNC paths based on the user that logs into the SSL portal.

Could somebody assist me in how this can be done? I couldn't find it documented anywhere...maybe I'm just going blind.

Any help is appreciated.

Many thanks.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Clientless SSL VPN - Different networks based on login crede

Oh, okay.  That's not difficult.  I don't have any documentation or anything, but assuming you already have your separate groups already configured, here's what you have to do (in ASDM):

  1. Go to Configuration --> Device Management --> Users/AAA --> User Accounts
  2. Select the username you want to assign a group policy to
  3. Click 'Edit'
  4. In the popup window, click VPN Policy on the menu on the left
  5. Your first option on the right should be Group Policy
  6. Uncheck 'Inherit' and assign a Group Policy
  7. Click 'OK'
  8. Click 'Apply'

Repeat this for each username.  That ought to do it.  Let me know if this is what you are looking for.

Please rate helpful posts.
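
For reference, an ASA CLI sketch of the ASDM steps above, extended to bind a different bookmark list (the cifs:// entries) to each group policy. This is an added example, not part of the original post; every name in it (SALES_GP, ENG_GP, the bookmark lists, the ACLs, alice, bob, fs01) is hypothetical, and it assumes the two bookmark lists already exist on the ASA.

```text
! Added example. All object names, usernames and the server fs01 are
! hypothetical; SALES_BOOKMARKS and ENG_BOOKMARKS are assumed to exist
! already and to hold each group's cifs:// bookmarks.

! Bookmarks only control what the portal displays. A web-type ACL per
! group limits what that group can actually reach through the portal.
access-list SALES_WEB_ACL webtype permit url cifs://fs01/sales/*
access-list ENG_WEB_ACL webtype permit url cifs://fs01/engineering/*

group-policy SALES_GP internal
group-policy SALES_GP attributes
 webvpn
  ! Bookmark list shown on the portal for this group
  url-list value SALES_BOOKMARKS
  ! Enforce the matching web-type ACL
  filter value SALES_WEB_ACL
  ! Hide the free-form URL and file server entry boxes
  url-entry disable
  file-entry disable

group-policy ENG_GP internal
group-policy ENG_GP attributes
 webvpn
  url-list value ENG_BOOKMARKS
  filter value ENG_WEB_ACL
  url-entry disable
  file-entry disable

! CLI equivalent of ASDM steps 1-8: stop inheriting the default policy
! and pin each local user to a specific group policy.
username alice attributes
 vpn-group-policy SALES_GP
username bob attributes
 vpn-group-policy ENG_GP
```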

4 REPLIES

Re: Clientless SSL VPN - Different networks based on login crede

I'm not sure if you are using ACS for authentication, but I accomplished this by using the RADIUS feature in ACS. You can use it to assign a group policy based on username or the group a user is in. Here's more: http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808cf897.shtml

Create your separate group policies with their own web customizations (different cifs://), then follow the instructions to map the users or user groups to the group policies.

Re: Clientless SSL VPN - Different networks based on login crede

Hi,

At the moment I am just using local Auth.

I think I can assign a group policy to a user, can't I?

The issue I have is assigning the cifs:// to the particular group policy. That's the documentation I'm looking for.

cheers.

Re: Clientless SSL VPN - Different networks based on login crede

Thanks Antonio,

That's exactly what I was after, it is a lot simpler than I thought it would be.

The next problem I have is that they are using LDAP to authenticate. I know I can map LDAP groups to group policies, but haven't seen if it's possible to map LDAP usernames to group policies. I'll post this question as a separate post.

Many thanks!
