ASA5500 & SSL VPN client group authorization

- M
- Mike
  
  Contact options for registered users
posted
15 years ago

Wed, Dec 31, 2008 7:51 PM

I'm running a Cisco ASA5520 using the V8 software as a VPN server. I'm setting up the SSL VPN standalone client and would like to know if it's possible to login with that client to a specific group, without actually displaying the group name in the drop down menu? For example, logging in as userid@groupname doesn't seem to work with that client, although it does with the IPSec client!

Secondly, if I must display the group name in the drop down menu, how can I pass that group name to my AAA (Radius) server, so I can authorize the user correctly. Not all users should be able to access all groups. I'm finding the documentation on this topic very unhelpful. Has anyone done this?

-Mike

Loading thread data ...

- J
- Jacques Virchaux
  
  Contact options for registered users
Vote on answer
posted
15 years ago

Wed, Jan 14, 2009 10:56 AM

Mike a écrit :

I use Vlan mapping depending of Atrribute 25 of RADIUS (OU=...).

This attribute is set depending of the realm ...and by default is the 'general guest' Vlan. ASA configuration to manage a trunk with multiple Vlans subinterfaces to be mapped is tricky.

It is not exactly what you need but there are no visible groups and it is only the username (with or without realm) which make RADIUS mapping the correct group (Vlan).

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.