12-12-2011 08:50 AM - edited 02-21-2020 05:45 PM
I have set up clientless SSL VPN on my ASA. User authentication is done by RADIUS using ACS 5.2. I have created two portals, one for the IT department and the other for the auditing department, but if users in auditing select the IT group from the drop-down list, they can log in to it. My question is: how can I make them log in to their group only and prevent them from accessing other groups?
Thank you,
12-13-2011 05:58 AM
I need to do this same exact thing for SSL.
However, my release of ACS does not support it and it has been several months since I worked on my own issue.
I recall there being a need to use OU= in a specific RADIUS group in ACS. It wasn't the IETF one I had in there but another, which my ACS release did not support. At that time I found out that v5.2 supported this RADIUS group feature.
Maybe this small piece of info can get you pointed in the right direction until someone else chimes in.
12-13-2011 10:42 AM
Ichance, thanks for the input. I was able to do that with MS AD by using the "LDAP attribute map". At that time I worked with Cisco support and they showed me how to do it, but this time I wanted to put this up for discussion so everyone can use it if the same issue comes up.
01-27-2012 01:06 PM
I made that work with RADIUS too. Please look for this doc:
"Group Authentication separation raduis Cisco ACS 5.2 and Cisco ASA SSL VPN"
This doc has a guide on how to do that.
Thank you,