[c-nsp] ASA ssl webvpn question

jkrejci at usinternet.com jkrejci at usinternet.com
Tue Jan 11 08:00:27 EST 2011


With local user auth you can also define users to exclude them from access to the vpn or to ssh on the asa itself.

Sent via BlackBerry from T-Mobile

-----Original Message-----
From: Ryan West <rwest at zyedge.com>
Sender: cisco-nsp-bounces at puck.nether.net
Date: Tue, 11 Jan 2011 12:34:54 
To: dalton<daltons at panix.com>; cisco-nsp at puck.nether.net<cisco-nsp at puck.nether.net>
Subject: Re: [c-nsp] ASA ssl webvpn question

dalton wrote:
> Hi all,
> I am in the process of reading through docs etc on this, but was 
> hoping someone maybe has done this before and can give me a quick answer.
> 
> I have an ASA running ssl vpn as well as normal remote access (cisco client based).
> What I am trying to do is exclude 1 particular user from using the ssl vpn.
> 
> Is there a way to do this via tunnel-group or group-policy?
> 
> Thanks for any insight.

It depends on where your user database is.   You can assign group-policy membership on the ASA for each user, via RADIUS attributes, or through an LDAP dig.  You can use DAP to combine the responses as well.  Each group policy can have specific vpn-tunnel-protocols assigned to it.

-ryan 

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list