How to properly assign SSL VPN user into a right connection profile
I wish someone can help me with figuring how to properly assign the user the right connection profile to any user connecting via client or clientless SSL VPN. The customer requirement is not to use the group drop-down list or group URL. In this case I understand the VPN session starts using the system default settings in the DefaultWEBVPNGroup connection profile and its associated group-policy, DfltGrpPolicy. Then the ASA sends this authentication request to the RADIUS server that authenticate the user and then assign the corresponding RADIUS profile. Part of the return-request is class 25 attribute that actually enforces the user to the right group configured at the ASA. This is fine and we have the user assigned at least the right IP address pool.
But the problem manifests in assigning the user DefaultWEBVPNGroup connection profile/tunnel-group that overrides some group-policy settings, namely this DefaultWEBVPNGroup is mapped to the special group-policy for a special category of personnel.
Is there anyway to assign the user to the needed connection profile?
If not then I would assume I have to use RADIUS authorization profile to assign some AV pairs? I tried it by the way and somehow URL redirection doesn't work. One of the tasks is send the user a particular home page URL.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :