cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1586
Views
0
Helpful
5
Replies

Cisco ASA Clientless VPN and AnyConnect VPN

terryfojas
Level 1
Level 1

Is there a way to allow access to Clientless (webvpn) for some users but not to AnyConnect? We want powerusers to use AnyConnect and normal users to use the Clientless. Right now all users can access either one. We're using IAS RADIUS for authentication. Thanks.

5 Replies 5

jamesfick
Level 1
Level 1

terryfojas- Sorry to jump in on your posting but was wondering if you could help me. How do you have IAS RADIUS setup? We are trying to do that in our office but it fails. Thank you.

Jim

On IAS:

- Create a client that points to your ASA's IP

- Client-vendor is RADIUS Standard

-Check that shared secret matches your ASA's

-Create a Remote Access Policy with "Grant remote access permission" checked.

On ASA:

Enter your IAS' IP on ASDM-Config, Device Management,Users/AAA,AAA Server Groups

I have it setup but when I test it to authenticate a user I get this error message- ERROR: Authentication Rejected:AAA failure.

Our network admin says the IAS is setup to use MS-CHAPv2, but the ASA is sending it via PAP. Can we force MS-CHAP or are we stuck with PAP?

tunnel-group yourvpngroup ppp-attributes

no authentication chap

no authentication ms-chap-v1

authentication ms-chap-v2

Thank you for responding and for your help.

Review Cisco Networking for a $25 gift card