ASA5500 & SSL VPN client group authorization

I'm running a Cisco ASA5520 using the V8 software as a VPN server. I'm setting up the SSL VPN standalone client and would like to know if it's possible to log in with that client to a specific group, without actually displaying the group name in the drop-down menu? For example, logging in as userid@groupname doesn't seem to work with that client, although it does with the IPSec client!

Secondly, if I must display the group name in the drop-down menu, how can I pass that group name to my AAA (RADIUS) server, so I can authorize the user correctly? Not all users should be able to access all groups. I'm finding the documentation on this topic very unhelpful. Has anyone done this?



Mike wrote:

I use VLAN mapping depending on Attribute 25 of RADIUS (OU=...).

This attribute is set depending on the realm... and by default is the 'general guest' VLAN. ASA configuration to manage a trunk with multiple VLAN subinterfaces to be mapped is tricky.

It is not exactly what you need, but there are no visible groups and it is only the username (with or without realm) which makes RADIUS map the correct group (VLAN).

Jacques Virchaux