https://community.cisco.com/t5/network-security/wevbpn-restrict-access/m-p/858066#M974109 <P>Hi,</P><P>i have ASA 7.2 with ACS 4.0, all authentication is done on the ACS, now if i enable webvpn, how can i restrict specific user from my network to access it, so that not anyone who has a user and pass on ACS can access it, what attribute should i use ?</P><P></P><P>thank you</P> Mon, 11 Mar 2019 11:19:09 GMT josephium 2019-03-11T11:19:09Z https://community.cisco.com/t5/network-security/wevbpn-restrict-access/m-p/858066#M974109 <P>Hi,</P><P>i have ASA 7.2 with ACS 4.0, all authentication is done on the ACS, now if i enable webvpn, how can i restrict specific user from my network to access it, so that not anyone who has a user and pass on ACS can access it, what attribute should i use ?</P><P></P><P>thank you</P> Mon, 11 Mar 2019 11:19:09 GMT https://community.cisco.com/t5/network-security/wevbpn-restrict-access/m-p/858066#M974109 josephium 2019-03-11T11:19:09Z https://community.cisco.com/t5/network-security/wevbpn-restrict-access/m-p/858067#M974110 <HTML><HEAD></HEAD><BODY><P>Hi .. you need to use IETF attribute 25 class. The below link will give you an idea of what you need to do. Basically you would need to use group-lock on the ASA. I have configured this before but don't have access to the devices right now. Have a look at the below link and let me know if you still can't work out how to do it. </P><P></P><P></P><P></P><P>I hope it helps .. please rate it if it does !!!</P><P></P><P></P><P><A class="jive-link-custom" href="http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K01201325" target="_blank">http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K01201325</A></P><P></P></BODY></HTML> Tue, 02 Oct 2007 06:35:16 GMT https://community.cisco.com/t5/network-security/wevbpn-restrict-access/m-p/858067#M974110 Fernando_Meza 2007-10-02T06:35:16Z https://community.cisco.com/t5/network-security/wevbpn-restrict-access/m-p/858068#M974111 <HTML><HEAD></HEAD><BODY><P>thank you for your fast response, but by using this IETF attribute i can make sure that other users in ACS (the ones that i don't want to enable) will not be able to authenticate in the webvpn ? and shouldn't i use the Radius of vpn/asa instead of the IETF radius ?</P><P></P><P>thank you</P></BODY></HTML> Wed, 03 Oct 2007 07:20:35 GMT https://community.cisco.com/t5/network-security/wevbpn-restrict-access/m-p/858068#M974111 josephium 2007-10-03T07:20:35Z