How do I control who has access to Clientless SSL VPN on ASA 5520 with RADIUS through ACS 5.2?

malqazzaz
Level 1

I have set up clientless SSL VPN on my ASA. User authentication is done by RADIUS using ACS 5.2. I have created two portals, one for the IT department and the other for the auditing department, but if users in auditing select the IT group from the drop-down list they can log in to it. My question is: how can I make them log in to their own group only and prevent them from accessing other groups?

Thank you,

3 Replies

lchance
Level 1

I need to do this same exact thing for SSL.

However, my release of ACS does not support it and it has been several months since I worked on my own issue.

I recall there being a need to use OU= in a specific RADIUS group in ACS. It wasn't the IETF I had in there but another which my ACS release did not support. At that time I found out that v5.2 supported this RADIUS group feature.

Maybe this small piece of info can get you pointed in the right direction until someone else chimes in.

malqazzaz
Level 1

lchance, thanks for the input. I was able to do that with MS AD by using the "LDAP attribute map"; at that time I worked with Cisco support and they showed me how to do it, but this time I wanted to put this up for discussion so everyone can use it if the same issue comes up.

I made that work with RADIUS too; please look for this doc:

"Group Authentication separation  raduis Cisco ACS 5.2 and Cisco ASA SSL VPN"

This doc has a guide about how to do that.

Thank you,
