10-01-2009 09:28 AM - edited 02-21-2020 03:42 AM
So with the ipsec client, it was easy to distribute PCF files to folks based on what you wanted to access... different group name, different ACLs, different PCF. So in order to use that vpngroup's access, you had to have the PCF.
However, with WebVPN, this is not the case. Any user can pick any groupname in the drop down window, which means there's no longer a simple way to control who can use what group.
Anyone have any thoughts/suggestions on how to overcome this issue with the webVPN?
10-01-2009 09:42 AM
So I found two examples of using Secure ACS and using LDAP to assign a policy at logon... but we have neither in our environment (we use microsoft AD, with IAS server's version of RADIUS)... hmm...
10-08-2009 02:24 PM
You can use IAS to do the same thing. You can have it return the Class attribute with the name of the group-policy - remember, it maps to the group-policy, not the tunnel-group, so you want to put the name of the group-policy you want to map that user to.
This setting should be available under the RAS policy for the specific group.
PS. If this post was helpful, please rate it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide