
SSL VPN Group authentication issue

dlharding
Level 1

I have a Cisco 3K VPN concentrator configured to terminate SSL VPNs. VPN users are authenticated using an RSA ACE server. If I create a user and add them to the base group, the user can connect - auth fine. If I create a new group, i.e. an sslvpn group, and add users to this, auth fails and they cannot connect.

6 Replies

bjornare1
Level 1

I have the same problem. I cannot log in to WebVPN unless WebVPN is enabled on the Base Group.

Anyone?

I think you have to enable WebVPN on your specific group.

Yes, that's correct. I have a group, sslVPN. This group has WebVPN enabled, but it does not work unless WebVPN is enabled on the Base Group, and the log shows that the Base Group is used.

I am also unable to log in internal users; only RADIUS users work. It does not matter which group the internal users belong to.

To specify your group you have to configure:

Enable Group Lookup and define a group delimiter (for example @) under Configuration | System | General | Global Authentication Parameters.

Then you'll have to log in with user@sslVPN (you can choose to strip the realm in your group configuration).

Try to move up the internal server in the authentication servers list.

Morgan.

Did the trick! Thanks!

tom.shiba
Level 1

Non-group-based protocols such as PPTP, SSLVPN and L2TP all have to authenticate to the generic base group first. By themselves these protocols are not group oriented and do not negotiate group assignment. It was never designed that way. What you have to do is authenticate the users against the base group as regular, but then use RADIUS to send OU=sslvpn; This will assign the user into this group, where you can apply the different policies, restrictions, etc.

I have tried this and it is working for my 4.x, WebVPN, SSLVPN users, contractors, IT, etc.

http://www.cisco.com/en/US/tech/tk59/technologies_configuration_example09186a00800946a2.shtml

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee122.html#wp1013532
