Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SSL VPN Profile question

I've done some looking and haven't been able to find an answer to this. Is there a way to direct a user to a specific SSL VPN profile based on the URL they enter to get to the SSL VPN page?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: SSL VPN Profile question

For ASA have a look at the following:

If you want users to see a drop-down to choose from:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml

Or else have a look at the group-url command:

http://cisco.com/en/US/docs/security/asa/asa80/command/reference/gh.html#wp1731227

But this might not support the /sales /marketing functionality, you need to have different URLs I think

webvpn-sales.com

webvpn-marketing.com

Regards

Farrukh

10 REPLIES

Re: SSL VPN Profile question

For ASA have a look at the following:

If you want users to see a drop-down to choose from:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml

Or else have a look at the group-url command:

http://cisco.com/en/US/docs/security/asa/asa80/command/reference/gh.html#wp1731227

But this might not support the /sales /marketing functionality, you need to have different URLs I think

webvpn-sales.com

webvpn-marketing.com

Regards

Farrukh

New Member

Re: SSL VPN Profile question

Hi,

I'm working on ASA8.0.3 with ADM6.0.

I've a question:

Is-there a method which permit to assign to a user a specific profile (according to his group in AD) without entring a specific URL (ex:https://ASA_IPaddress/sales) or choosing a group from the drop down list in the logon page ?

Thanking you in advance

Re: SSL VPN Profile question

Are you talking about the ASA/VPNC or the IOS here?

In IOS you use the following"

webvpn gateway ABCD

webvpn context context1

....

policy group vpn1

default-group-policy vpn1

gateway ABCD domain sales

inservice

...

webvpn context context2

....

policy group vpn2

default-group-policy vpn2

gateway ABCD domain marketing

inservice

This is just a snippet, for your reference. You could also use multiple policy groups and use Radius to assign them to users, have a look at:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd8051ac3a.html

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd8051ac50.html

Regards

Farrukh

New Member

Re: SSL VPN Profile question

Sorry didn't realize I didn't specify, I'm working with an ASA. I think your first response answers my question.

Thanks,

Christian

New Member

Re: SSL VPN Profile question

Hi:

Could i configure different contexts for different users. Avoiding that users could authenticate in the wrong context or allowing automatic redirect for users to the right context ? Also without an authentication server ?

Thanks.

Re: SSL VPN Profile question

VPNs are not supported in multiple context mode on the ASA.

Regards

Farrrukh

New Member

Re: SSL VPN Profile question

Thanks Farrukh and what about IOS Routers ?

Regards

Re: SSL VPN Profile question

SSL VPNs are supported on IOS, but the feature-set is limited as compared to ASA.

Have a look at this link:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/htwebvpn.html

Please rate if helpful.

Regards

Farrukh

New Member

Re: SSL VPN Profile question

Hi: The hole thread have been very very helpful. I trying to test many ssl vpn features in IOS Router and ASA, using all the previous post.

Thank you very much. I already good rated. :)

Actually im not sure what is purporse of context or if i am missing all of its power because of i dont use a radius server to take advantage of all the attributes set, even for asa or ios.

Best Regards

Re: SSL VPN Profile question

Please have a look at this whitepaper:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd8051ac50.html

Please rate if helpful

Regards

Farrukh

186
Views
5
Helpful
10
Replies