I'm trying to solve a problem with my ASA 5510. I would like to publish applications behind Clientless SSL VPN for different users that will belong to groups created in AD. Do I have to use a URL to get complete separation for bookmarks and, for example, a redirect to a web server and other layout and access rules at the portal?
I will try to explain what would be ideal, and let's see if someone will come up with a solution.
User A (member of AD group RDP_CIFS) logs in and gets a couple of bookmarks to an RDP server and also access to the Common and Home drives via CIFS.
User B (member of AD group Redirect2Site) logs in and gets redirected to an internal published rdweb/ericom/citrix server login page.
User C (member of AD group RDP2Server1) logs in and gets only a published RDP connection to server1.
I would like to achieve this without the user having to choose in dropbox (for url) or editing the URL in the address field.
The ASA is connected via MSKCD Kerberos AAA server group and my idea was to use DAP for making the AD group selection of what is published in a new DAP policy.
I think your suggestion is the solution to this thread; I mean, doing this via a DAP makes sense. Then the user will be mapped to the right Connection profile without the necessity for him to select the profile.
And you can also customize your own DAP so you can set the right bookmarks for each one of them depending on the attributes of the AAA server (the attributes will need to be LDAP, RADIUS or CISCO).
Looking for some Networking Assistance?
Contact me directly at firstname.lastname@example.org
I will fix your problem ASAP.
Julio Carvajal Segura
I have tried this via DAP but I get stuck. How should I configure Connection profiles, Group Policies and Dynamic Access Policies so that the user gets different bookmarks and stuff depending on AD group membership?
If I disable DfltAccessPolicy and create a new DAP where I put the suggested group from AD under Selection Criteria (ldap.memberof=ADGROUP), I'm not able to log in at the SSL VPN portal. Some other forums suggest the use of a Cisco attribute to map against AD to make the selection. I'm not really sure I understand how this should help.