Group-lock and Windows IAS Radius - SSL clientless VPN on ASA
I have managed to get clientless SSL working using my Windows IAS radius server.
I have been trying to lock it down so only so only the Sales department can access SSL using the drop down menu on the logon screen called "sales" and the IT department can only use the drop sown menu called "IT".
I have been using the group-lock function on the ASA 5520 and on the IAS server I have been using the "class" attribute (attribute 25).
Everything is working fine for Sales if they are not in the correct Active Directory group they can't log in.
Now the interesting part is this. I created the IT part on the ASA and IAS server, so I have a drop down box saying "IT" and "Sales".
Problem is Sales can now log into Sales and IT, when I look on the IAS logs when I log into IT it says it used the Sales Policy on the IAS server.
It's like the group-lock is not working properly, once the authentiaction request gets sent to the IAS server it just looks in the any group until it finds me.
Re: Group-lock and Windows IAS Radius - SSL clientless VPN on AS
Any errors in configuration of Group-lock feature may cause this problem.In order to configure group lock, send the group policy name in the class attribute 25 on the Remote Authentication Dial-In User Service (RADIUS) server and choose the group in order to lock the user within the policy.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...