Accessing Home Dir's via ASA SSL VPN

neallewis · ‎08-15-2006

I have an ASA 5540 and an ACS 4.0. i am configuring an SSL based VPN for users in an active directory. I want to give the users access to their Windows Home Dir and have created a CIFS link in the URL list in the tunnel group policy for those users.

I want to give the users access to \\SERVER\Share\%username% as it is described in windows terms. how do a go about this in the ASA, as the above does not work at all? the ASA wants to use the / instead of \ in the CIFS shares. It works fine for normal shares and hidden share specified with $, but not using the %username% variable.

The documentation on SSL VPNS on both ASA and ACS 4.0 is terrible.

Best regards,

Neal Lewis

tgrundbacher · ‎02-02-2012

This question might be a bit outdated, yet I stumbled across it since even in times of OS 8.4(3), I've had exactly the same problem. Menawhile I've found the solution to it:

You can work with the usual WebVPN variables which ASA offers for single sign-on (SSO) purposes. The following example works for my customer for a profile in which he applies two-factor authentication and allows his users to access their Windows home share using SSO (using the secondary WebVPN login information, which is their AD login name, accessed via LDAP):

Bookmark URL:
cifs:///CSCO_WEBVPN_SECONDARY_USERNAME%24 (where %24 is a code substitution for the '$' sign)
SSO config:
group-policy attributes
webvpn
auto-signon allow ip auth-type ntlm username CSCO_WEBVPN_SECONDARY_USERNAME password CSCO_WEBVPN_SECONDARY_PASSWORD

There are two important things to consider, though:

The share name *must* match the user's login name
The folder effectively has to be configured to be a share (not just an ordinary folder). My tests have shown that it doesn't work even if that desired, ordinary destination folder is a subfolder of an accessible share.

Hope that helps other people.

Toni