Solved

I need to disable a user from web vpn on a cisco 5510

Posted on 2008-10-27
6
420 Views
Last Modified: 2012-06-27
I am using a Cisco 5510 firewall and have it configured for web vpn. I have it authenticating against my active directory and was wondering how to block a few individuals. I don't want to make a whole new access list, just block 2 names from the active directory. These users do not have static IP's and can access the web via anywhere.  I am not used to CLI , but am handy with asdm. Any ideas?
0
Comment
Question by:dennisjameshoward
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 32

Accepted Solution

by:
harbor235 earned 500 total points
ID: 22813317


disable the user via active diretory, that way they cannot authenticate and access will be restricted

harbor235 ;}
0
 
LVL 3

Expert Comment

by:Slawomir Malinowski
ID: 22813342
Active Directory Users and Computers > "user" properties > Dial-in tab > Remote Access Permision > Deny access > OK

or

remove this user from remote access group if you have one.
0
 

Author Comment

by:dennisjameshoward
ID: 22813379
They will be still allowed to use the network when in office, is there a setting to stop authenitcation with the asa?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 32

Expert Comment

by:harbor235
ID: 22813460


You have defined a group policy for webvpn access, you have pointed authentication to the active directory.
If you authenticated users locally then you could do what you need, however, I do not believe you can disable the user because you have told it the active directory server is the authority fro user authentication.

Filtering the source IP may be the only way without reconfiguring webvpn to authenticate locally

harbor235 ;}
0
 
LVL 32

Expert Comment

by:harbor235
ID: 22813470
Can you post your sanitized config?

harbor235 ;}
0
 
LVL 2

Expert Comment

by:JimmyLarsson
ID: 22815424
Are you using IAS? In that case you can create a policy to deny VPN-access for members of a specific AD-group.

Br Jimmy
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Setting up a trunk port on a Cisco switch? 20 66
pptp through Cisco ASA5505 V7 5 34
Port forwarding on ubuntu 8 25
IPSec firewall rules 1 7
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question