Solved

CISCO ASA Restrict access to SSLVPN Client or WEB VPN based on Radius group from AD.

Posted on 2009-07-01
4
761 Views
Last Modified: 2012-08-13
I currently have the SSLVPN CLIENT and WEBVPN configured to use radius.  What I would like to do is create two AD groups one for the SSLVPN CLIENT users and one for WEBVPN users.  The SSLVPN CLIENT and WEBVPN are configured using separate policies on the ASA.  I can't figure out how to do this without setting up another radius server.
0
Comment
Question by:wlhelp
  • 2
  • 2
4 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 24777690
As part of each on the ASA policy you can define the cisco group.
On the Radius server one of the check items is the group.
i.e. part of the request the ASA in addition to transmitting the username/password/its IP it also sends a "group id" (I think it falls under the vendor specific attribute).

Configuring the IAS such that it uses this parameter as part of the check.

You would need to register with dslreports.net to view this:
http://www.dslreports.com/faq/8420

See if the below is helpful though approaches the same thing by directly querying the AD versus going through a radius server.



0
 

Author Comment

by:wlhelp
ID: 24798730
I've seen other articles point to the group ID.  I can't however under Server 2003 IAS find which attribute to use as "group id" is not present.
0
 
LVL 77

Expert Comment

by:arnold
ID: 24798918
Not sure whether it is provided from the cisco as a Vendor-specific-attribute.
This is what you would use as one of your items.
vendor-specific-attribute=group1, username, password, etc. this is VPN1

vendor-specific-attribute=group2, username, password, etc. this is VPN2.

Check Cisco's site it has many different examples.  You could find an example there or within EE.
0
 

Accepted Solution

by:
wlhelp earned 0 total points
ID: 25250537
Used 2 ISA server instances to get around the issue.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question