Solved

Setup ACL Cisco ASDM 6.1 (Cisco 5510 series) for Clientless VPN - LDAP/Local

Posted on 2009-07-14
3
864 Views
Last Modified: 2013-12-24
Hey guys.

I am in the middle of setting up a clientless VPN and everything seems to be set (minus certificate, but that doesnt matter right now) but I can't seem to get each custom portal to be its own.

What I am saying is simply, How can I restrict access to other custom portals?

I've already configured Group Policys, AAA Server Groups and LDAP Maps. Two connection profiles have been set as well enabling the drop down menu at login. The problem is, any user with the right password can visit either custom page/portal. Im not sure if I configured the LDAP Map correctly or AAA Groups for that matter.

I also noticed a Web ACL option/setup. Would that by any chance be helpful to my question? If so, I could use some help in setting it up. If there is any screencaptures you would like or current running config let me know. Im a noob on routers at the moment and just started my routing classes on cisco.

I just want controlled access to portals and AD to work, I believe it worked at one point so there must be something that was changed.

ie. User 1 selects Admin = Prohibited User 1 must select Users to proceed
ie. Vendor 1 selects Users/Admin/Other = Prohibited Vendor 1 must select Vendors to proceed
loginwindow.jpg
0
Comment
Question by:zenki_fc
  • 2
3 Comments
 
LVL 15

Accepted Solution

by:
bkepford earned 250 total points
Comment Utility
Lookup Dynamic Access Policies (DAP) that should get you what you're looking for.
0
 
LVL 1

Author Comment

by:zenki_fc
Comment Utility
Well I fixed it :)

it turns out my objects in AD were moved around and the existing map I had configured on the asdm was "invalid" after correcting the paths in ldap-map on cisco and changing some properties in the advanced menus of the tunnel groups I was able to successfully isolate or "point" each user to the right portal.

Now, when Administrators log in they get all the networking functionalities while users and vendors are limited to protocols and other services.

Thanks for your quick response Bkepford!
0
 
LVL 1

Author Closing Comment

by:zenki_fc
Comment Utility
Though the accepted solution is not exactly how the problem was solved it was indeed related to my initial request.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

This article describes some very basic things about SQL Server filegroups.
I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now