Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

SSL VPN using base group instead of Configured Group

I have a 3000 configured for Ipsec using ACS to authenticate users. I tried adding SSL VPN. I can authenticate and the SSL client installs but I can't access anything. The log on the 3000 says I'm logged in via the base group. How can I get the SSL to work via the group I configured and not the base group?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: SSL VPN using base group instead of Configured Group

You should be able to accomplish this with your RADIUS server. You would need to define class attribute 25 as an OU name equal to the specific group name you want them to connect to on the concentrator.

For example, assume you want a user SVC_User to connect to a group called SSL_VPN. In the user configuration in RADIUS you would do (under attribute 25):

OU=SSL_VPN;

(...Don't omit the semicolon.)

2 REPLIES
Cisco Employee

Re: SSL VPN using base group instead of Configured Group

You should be able to accomplish this with your RADIUS server. You would need to define class attribute 25 as an OU name equal to the specific group name you want them to connect to on the concentrator.

For example, assume you want a user SVC_User to connect to a group called SSL_VPN. In the user configuration in RADIUS you would do (under attribute 25):

OU=SSL_VPN;

(...Don't omit the semicolon.)

New Member

Re: SSL VPN using base group instead of Configured Group

Thanks that resloved my issue.

137
Views
0
Helpful
2
Replies
CreatePlease to create content