Link to home
Start Free TrialLog in
Avatar of zenki_fc
zenki_fcFlag for United States of America

asked on

Setup ACL Cisco ASDM 6.1 (Cisco 5510 series) for Clientless VPN - LDAP/Local

Hey guys.

I am in the middle of setting up a clientless VPN and everything seems to be set (minus certificate, but that doesnt matter right now) but I can't seem to get each custom portal to be its own.

What I am saying is simply, How can I restrict access to other custom portals?

I've already configured Group Policys, AAA Server Groups and LDAP Maps. Two connection profiles have been set as well enabling the drop down menu at login. The problem is, any user with the right password can visit either custom page/portal. Im not sure if I configured the LDAP Map correctly or AAA Groups for that matter.

I also noticed a Web ACL option/setup. Would that by any chance be helpful to my question? If so, I could use some help in setting it up. If there is any screencaptures you would like or current running config let me know. Im a noob on routers at the moment and just started my routing classes on cisco.

I just want controlled access to portals and AD to work, I believe it worked at one point so there must be something that was changed.

ie. User 1 selects Admin = Prohibited User 1 must select Users to proceed
ie. Vendor 1 selects Users/Admin/Other = Prohibited Vendor 1 must select Vendors to proceed
loginwindow.jpg
ASKER CERTIFIED SOLUTION
Avatar of bkepford
bkepford
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of zenki_fc

ASKER

Well I fixed it :)

it turns out my objects in AD were moved around and the existing map I had configured on the asdm was "invalid" after correcting the paths in ldap-map on cisco and changing some properties in the advanced menus of the tunnel groups I was able to successfully isolate or "point" each user to the right portal.

Now, when Administrators log in they get all the networking functionalities while users and vendors are limited to protocols and other services.

Thanks for your quick response Bkepford!
Though the accepted solution is not exactly how the problem was solved it was indeed related to my initial request.