Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
470
Views
0
Helpful
2
Replies

How to recreate similar access control in WebVPN

maltuna
Level 1
Level 1

‎10-01-2009 09:28 AM - edited ‎02-21-2020 03:42 AM

So with the ipsec client, it was easy to distribute PCF files to folks based on what you wanted to access... different group name, different ACLs, different PCF. So in order to use that vpngroup's access, you had to have the PCF.

However, with WebVPN, this is not the case. Any user can pick any groupname in the drop down window, which means there's no longer a simple way to control who can use what group.

Anyone have any thoughts/suggestions on how to overcome this issue with the webVPN?

0 Helpful
2 Replies 2

maltuna
Level 1
Level 1

‎10-01-2009 09:42 AM

So I found two examples of using Secure ACS and using LDAP to assign a policy at logon... but we have neither in our environment (we use microsoft AD, with IAS server's version of RADIUS)... hmm...

0 Helpful

auraza
Cisco Employee
Cisco Employee
In response to maltuna

‎10-08-2009 02:24 PM

You can use IAS to do the same thing. You can have it return the Class attribute with the name of the group-policy - remember, it maps to the group-policy, not the tunnel-group, so you want to put the name of the group-policy you want to map that user to.

This setting should be available under the RAS policy for the specific group.

PS. If this post was helpful, please rate it.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card