Solved: Re: SSL VPN using base group instead of Configured Group

randyclark · ‎08-16-2006

I have a 3000 configured for Ipsec using ACS to authenticate users. I tried adding SSL VPN. I can authenticate and the SSL client installs but I can't access anything. The log on the 3000 says I'm logged in via the base group. How can I get the SSL to work via the group I configured and not the base group?

jelloyd · ‎08-16-2006

You should be able to accomplish this with your RADIUS server. You would need to define class attribute 25 as an OU name equal to the specific group name you want them to connect to on the concentrator.

For example, assume you want a user SVC_User to connect to a group called SSL_VPN. In the user configuration in RADIUS you would do (under attribute 25):

OU=SSL_VPN;

(...Don't omit the semicolon.)

View solution in original post

jelloyd · ‎08-16-2006

You should be able to accomplish this with your RADIUS server. You would need to define class attribute 25 as an OU name equal to the specific group name you want them to connect to on the concentrator.

For example, assume you want a user SVC_User to connect to a group called SSL_VPN. In the user configuration in RADIUS you would do (under attribute 25):

OU=SSL_VPN;

(...Don't omit the semicolon.)

randyclark · ‎08-16-2006

Thanks that resloved my issue.