Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

WebVPN on 881 Router and Groups

Hi there,

i have an question and i hope anyone can help me.

Is it possible on an Cisco Router to build WebVPN groups ?

I want build one group for users with grand access rights.

     --> Connect with anyconnect or Web Portal and have access to all Servers on Network.

And another group for users with limited access priveleges.

     --> Connect with anyconnect or Web Portal and can access only Server Port XXXX and Server on Port XXXX

Info: i have an 881GW Router

thanks alot

kind regards

Jonas Diehl

Cisco Employee

WebVPN on 881 Router and Groups

Hi Jonas,

Yes you can use different permissions for different group of users depending on where  your users are located , for e.g locally on the router or on radius server.

If its there on radius server, then you can push down some attributes and map it to use specific policy group or if users are created locally then you can use aaa attribute list.

The following is the document for your reference:-

Also lets take an example,  for local user on router

aaa authentication login list SSL local

aaa authorization network localauthor local

webvpn context SSL

policy group policy_1



policy group  ABC


default-group-policy policy_1

aaa authentication list SSL

aaa authorization list localauthor

gateway gateway_1


aaa attribute list ABC

attribute type user-vpn-group "ABC" mandatory

attribute type webvpn-context "SSL"

username cisco privilege 15 secret 5 $1$A840$hEkdXCQJRuPC3U5O8N3Gd0

username cisco aaa attribute list ABC

User cisco will be binded  you use the policy as ABC and context as SSL and if  there is no condition user will use the default policy policy_1.

I hope it helps.



CreatePlease to create content