Cisco ASA Clientless VPN and AnyConnect VPN 1

[fojas]

Is there a way to allow access to Clientless (webvpn) for some users but not to AnyConnect? We want powerusers to use AnyConnect and normal users to use the Clientless. Right now all users can access either one. We're using IAS RADIUS for authentication. Thanks.

 

[brianinms]

You will have to map your vpngroups to a policy via IAS.

 

[fojas]

How do I tell Cisco which policy in IAS to use? The only information that I can configure in Cisco are IAS' IP address, secret key and encryption type.
Thanks.

 

[unclerico]

On the ASA create two group-policies; power_users_policy and users_policy (for example). In the power_users_policy be sure to add vpn-tunnel-protocol webvpn and in users_policy add vpn-tunnel-protocol svc. In Windows create two groups, VPN_power_users and VPN_users (as an example); add your users to each group. In IAS create two policies; VPN_power_users_policy and VPN_users_policy. Edit each policy and be sure to use Windows-Groups as a policy condition and add VPN_power_users into one policy and VPN_users into the second policy. Click Edit profile and go to the Advanced tab. Click add. Find the Class attribute and add it. In the space provided type in OU=power_users_policy (in exact case) and add OU=users_policy (in exact case) in the second policy.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)