Cisco Support Community

How to properly assign an SSL VPN user to the right connection profile

Good day!

I hope someone can help me figure out how to properly assign the right connection profile to any user connecting via client or clientless SSL VPN. The customer requirement is not to use the group drop-down list or group URL. In this case I understand the VPN session starts using the system default settings in the DefaultWEBVPNGroup connection profile and its associated group-policy, DfltGrpPolicy. Then the ASA sends this authentication request to the RADIUS server, which authenticates the user and then assigns the corresponding RADIUS profile. Part of the return-request is the class 25 attribute, which actually enforces the user to the right group configured at the ASA. This is fine, and we have the user assigned at least the right IP address pool.

But the problem manifests in assigning the user the DefaultWEBVPNGroup connection profile/tunnel-group, which overrides some group-policy settings; namely, this DefaultWEBVPNGroup is mapped to the special group-policy for a special category of personnel.

Is there any way to assign the user to the needed connection profile?

If not, then I would assume I have to use a RADIUS authorization profile to assign some AV pairs? I tried it, by the way, and somehow URL redirection doesn't work. One of the tasks is to send the user a particular home page URL.

