Solved

I need to disable a user from web vpn on a cisco 5510

Posted on 2008-10-27
6
417 Views
Last Modified: 2012-06-27
I am using a Cisco 5510 firewall and have it configured for web vpn. I have it authenticating against my active directory and was wondering how to block a few individuals. I don't want to make a whole new access list, just block 2 names from the active directory. These users do not have static IP's and can access the web via anywhere.  I am not used to CLI , but am handy with asdm. Any ideas?
0
Comment
Question by:dennisjameshoward
6 Comments
 
LVL 32

Accepted Solution

by:
harbor235 earned 500 total points
ID: 22813317


disable the user via active diretory, that way they cannot authenticate and access will be restricted

harbor235 ;}
0
 
LVL 3

Expert Comment

by:Slawomir Malinowski
ID: 22813342
Active Directory Users and Computers > "user" properties > Dial-in tab > Remote Access Permision > Deny access > OK

or

remove this user from remote access group if you have one.
0
 

Author Comment

by:dennisjameshoward
ID: 22813379
They will be still allowed to use the network when in office, is there a setting to stop authenitcation with the asa?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 32

Expert Comment

by:harbor235
ID: 22813460


You have defined a group policy for webvpn access, you have pointed authentication to the active directory.
If you authenticated users locally then you could do what you need, however, I do not believe you can disable the user because you have told it the active directory server is the authority fro user authentication.

Filtering the source IP may be the only way without reconfiguring webvpn to authenticate locally

harbor235 ;}
0
 
LVL 32

Expert Comment

by:harbor235
ID: 22813470
Can you post your sanitized config?

harbor235 ;}
0
 
LVL 2

Expert Comment

by:JimmyLarsson
ID: 22815424
Are you using IAS? In that case you can create a policy to deny VPN-access for members of a specific AD-group.

Br Jimmy
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Supervisor upgrade to 2T 3 48
cisco 2911 8 36
Trunk and Port Security 4 39
Connecting to CISCO 4402 WLC 3 3
Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now