• Status: Solved

I need to disable a user from web VPN on a Cisco 5510

I am using a Cisco 5510 firewall and have it configured for web VPN. I have it authenticating against my Active Directory and was wondering how to block a few individuals. I don't want to make a whole new access list, just block 2 names from the Active Directory. These users do not have static IPs and can access the web from anywhere. I am not used to the CLI, but am handy with ASDM. Any ideas?
Asked by: dennisjameshoward
1 Solution
 
harbor235 commented:

Disable the user via Active Directory; that way they cannot authenticate and access will be restricted.

harbor235 ;}
 
Slawomir Malinowski (IT Infrastructure Manager) commented:
Active Directory Users and Computers > "user" properties > Dial-in tab > Remote Access Permission > Deny access > OK

or

Remove this user from the remote access group if you have one.
 
dennisjameshoward (Author) commented:
They will still be allowed to use the network when in the office; is there a setting to stop authentication with the ASA?
 
harbor235 commented:

You have defined a group policy for WebVPN access, and you have pointed authentication to Active Directory.
If you authenticated users locally then you could do what you need; however, I do not believe you can disable the user, because you have told it the Active Directory server is the authority for user authentication.

Filtering the source IP may be the only way without reconfiguring WebVPN to authenticate locally.

harbor235 ;}
 
harbor235 commented:
Can you post your sanitized config?

harbor235 ;}
 
JimmyLarsson commented:
Are you using IAS? In that case you can create a policy to deny VPN access for members of a specific AD group.

Br Jimmy