Groups in WebVPN

admin_2
Level 3

Hello,

I have configured Web-VPN on my Cisco 3000 Concentrator, and it works fine. Now I would like to configure users in different groups, so that one user is allowed to use certain applications, and other users are allowed to use other services. Now, all users authenticate remotely (RADIUS) and seem to land in the base group.

Any good ideas?

1 Accepted Solution


engel
Level 2

I think, after the user has authenticated, return the group for that user using the Class attribute (25) from RADIUS. Let me know if it worked.

6 Replies

Not applicable

Hello,

Thanks, it worked! On my Cisco ACS, I configured two users with class attribute (25) OU=vpngroup1; and OU= vpngroup2;. On the Concentrator, I configured the two groups with different allowed applications. After login, the users can only connect to the allowed applications.

Great!

bma
Level 1

Hi

Did you get it fixed? I have the same problem. According to the Cisco doc, you can set up the attribute OU=group_name to assign a user to a particular group, but I tried it in the Cisco ACS and it is not working.

Thanks

ben

Not applicable

Hello,

See the answer above. How did you configure the concentrator? What are the settings for the group?

Hi

I set up an ssl_vpn group on the 3015, enabled WebVPN, and set up WWW and port forwarding for the WebVPN, but from the WebVPN login I only get the base group permissions.

I am using Cisco ACS 2.64, and I tried attribute 11 and attribute 25 for one user, but it's not working.

Do you use IETF or Cisco VPN 3000 for the RADIUS for the Concentrator 3000 (in the ACS NAS "Authenticate using")? Is class 25 only IETF? I am using RADIUS with Cisco VPN 3000 now; maybe I need to change to IETF.

Thanks

ben

gfullage
Cisco Employee

Return RADIUS (IETF) attribute 25 (Class), and make sure it is in the form:

OU=;

OU is in capitals, and make sure you include the semicolon at the end; your original post didn't show that you had that.

See http://www.cisco.com/en/US/tech/tk583/tk547/technologies_configuration_example09186a00800946a2.shtml for the format. This sample config is not for WebVPN specifically, but the concept of locking a user into a group is the same.
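
Added example, not part of the original posts and not Cisco code: a Python check that pulls the Class (25) attribute out of a RADIUS Access-Accept and tests it against the two format rules given in this thread (capital `OU=`, trailing semicolon). The packet is a constructed sample with a zeroed authenticator, and all function names are assumptions made for illustration.

```python
import struct

CLASS = 25  # IETF RADIUS attribute type "Class" (RFC 2865)

def encode_attr(attr_type, value):
    """Encode one attribute as type (1 byte), length (1 byte), value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value

def build_accept(class_value):
    """Constructed sample Access-Accept (code 2); authenticator is zeroed."""
    attrs = encode_attr(CLASS, class_value)
    return struct.pack("!BBH", 2, 1, 20 + len(attrs)) + bytes(16) + attrs

def parse_attrs(packet):
    """Yield (type, value) for each attribute after the 20-byte header."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        yield attr_type, packet[pos + 2:pos + attr_len]
        pos += attr_len

def check_class_value(value):
    """Return (group, problems) using the rules stated in the thread."""
    text = value.decode("ascii", errors="replace")
    problems = []
    if not text.startswith("OU="):
        if text.upper().startswith("OU="):
            problems.append("OU must be in capitals")
        else:
            problems.append("value does not start with OU=")
    if not text.endswith(";"):
        problems.append("missing trailing semicolon")
    group = text[3:].rstrip(";") if text[:3].upper() == "OU=" else None
    return group, problems

def class_report(packet):
    """Check every Class attribute in the packet; empty list means none sent."""
    return [check_class_value(v) for t, v in parse_attrs(packet) if t == CLASS]
```

An empty result from `class_report` means the RADIUS server returned no Class attribute at all, which matches the symptom in this thread of users landing in the base group.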