cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
518
Views
0
Helpful
3
Replies

web VPN privilege

davidcruise
Level 1
Level 1

i want to configure Web vpn in the following scenario

-authentication from the ACS ,& on the same Web vpn certain users will have the privilege to download the ssl client , other users don't have the privilege to download the ssl client ( work as clientless ssl vpn only) ,

is this applicable or not ,& is there any reference

3 Replies 3

sziaulla
Cisco Employee
Cisco Employee

if you are using Radius protocol then you can define 2 group policy on the ASA and assign any specific group policy based on the attribute returned from the ACS.

here is the config example to apply different group policy for users.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808cf897.shtml

in one group policy you can define the web vpn thin client config and in the other group policy you can define either both or only ssl with full tunnel mode.

hope this help...

regards

-Syed

Thanks for your reply ,

but after i configured the group policies on asa & radius attributes on the acs , what is the command that is configured under the group policy to identify it to work as web vpn thin client or as ssl with full tunnel mode

here is the example for ssl vpn (webvpn) configuration:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00806ea271.shtml

and here is the sample config for ssl full client config:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008071c428.shtml

i hope this helps.

thanks

-Syed

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: