Cisco ASA Clientless VPN and AnyConnect VPN 1

fojas

MIS
Feb 18, 2008
2
US
Is there a way to allow access to Clientless (webvpn) for some users but not to AnyConnect? We want power users to use AnyConnect and normal users to use the Clientless. Right now all users can access either one. We're using IAS RADIUS for authentication. Thanks.
 
How do I tell Cisco which policy in IAS to use? The only information that I can configure in Cisco are IAS' IP address, secret key and encryption type.
Thanks.
 
On the ASA create two group-policies: power_users_policy and users_policy (for example). In the power_users_policy be sure to add vpn-tunnel-protocol webvpn and in users_policy add vpn-tunnel-protocol svc.

In Windows create two groups, VPN_power_users and VPN_users (as an example); add your users to each group.

In IAS create two policies: VPN_power_users_policy and VPN_users_policy. Edit each policy and be sure to use Windows-Groups as a policy condition and add VPN_power_users into one policy and VPN_users into the second policy. Click Edit profile and go to the Advanced tab. Click Add. Find the Class attribute and add it. In the space provided type in OU=power_users_policy (in exact case) and add OU=users_policy (in exact case) in the second policy.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
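
The ASA side of this setup as an added configuration sketch, not taken from any poster's device, with the protocols assigned as the original question asks (AnyConnect for power users, clientless for normal users). The server-group name IAS_RADIUS, the interface, the 192.0.2.10 address, the key placeholder and the NO_ACCESS fallback policy are assumptions added here; the two policy names and the svc/webvpn keywords are the ones used in the thread.

```cisco
! Added example. IAS_RADIUS, (inside), 192.0.2.10 and the key are placeholders.
aaa-server IAS_RADIUS protocol radius
aaa-server IAS_RADIUS (inside) host 192.0.2.10
 key <shared-secret>
!
! Fallback policy (an addition, not from the thread): a user whose RADIUS
! reply carries no matching Class attribute stays in the tunnel-group's
! default policy, so that default is set to refuse logins.
group-policy NO_ACCESS internal
group-policy NO_ACCESS attributes
 vpn-simultaneous-logins 0
!
! Applied when IAS returns Class "OU=power_users_policy" (case must match).
group-policy power_users_policy internal
group-policy power_users_policy attributes
 vpn-tunnel-protocol svc
!
! Applied when IAS returns Class "OU=users_policy" (case must match).
group-policy users_policy internal
group-policy users_policy attributes
 vpn-tunnel-protocol webvpn
!
! The tunnel-group only knows the RADIUS server; the policy choice comes
! back from IAS in the Class attribute of the Access-Accept.
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group IAS_RADIUS
 default-group-policy NO_ACCESS
```

Swap the two vpn-tunnel-protocol lines if the opposite assignment is intended. Later ASA releases rename these keywords to ssl-client and ssl-clientless.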
 