cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
707
Views
0
Helpful
4
Replies

Clientless SSL VPN - Different networks based on login credentials?

Hi Guys,

I want to be able to display different cifs:// and unc paths based on the user that logs into the SSL portal.

Could somebody assist me in how this can be done? I couldn't find it documented somewhere...maybe I'm just going blind.

any help is appreciated.

Many thanks.

1 Accepted Solution

Accepted Solutions

Oh, okay.  That's not difficult.  I don't have any documentation or anything, but assuming you already have your separate groups already configured, here's what you have to do (in ASDM):

  1. Go to Configuration --> Device Management --> Users/AAA --> User Accounts
  2. Select the username you want to assign a group policy to
  3. Click 'Edit'
  4. In the popup window, click VPN Policy on the menu on the left
  5. Your first option on the right should be Group Policy
  6. Uncheck 'Inherit' and assign a Group Policy
  7. Click 'OK'
  8. Click 'Apply'

Repeat this for each username.  That ought to do it.  Let me know if this is what you are looking for.

Please rate helpful posts.

View solution in original post

4 Replies 4

Antonio Knox
Level 7
Level 7

I'm not sure if you are using ACS for authentication, but I accomplished this by using the RADIUS feature in ACS.  You can use it to assign a group policy based on username or group in which a user is in.  Here's more:   http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808cf897.shtml  Create your separate group policies with their own web customizations (different cifs://), then follow the instructions to map the users or user groups to the group policies.

Hi,

At the moment I am just using local Auth.

I think I can assign an group policy to a user can't I?

The issue I have is assigning the cifs:// to the particular group policy. Thats the documentation I'm looking for.

cheers.

Oh, okay.  That's not difficult.  I don't have any documentation or anything, but assuming you already have your separate groups already configured, here's what you have to do (in ASDM):

  1. Go to Configuration --> Device Management --> Users/AAA --> User Accounts
  2. Select the username you want to assign a group policy to
  3. Click 'Edit'
  4. In the popup window, click VPN Policy on the menu on the left
  5. Your first option on the right should be Group Policy
  6. Uncheck 'Inherit' and assign a Group Policy
  7. Click 'OK'
  8. Click 'Apply'

Repeat this for each username.  That ought to do it.  Let me know if this is what you are looking for.

Please rate helpful posts.

Thanks Antonio,

Thats exaclty what I was after, it is a lot simpler than I thought it would be.

The next problem I have is that they are using LDAP to authenticate, I know I can map ldap group's to group policys, but haven't seen if its possible to map ldap usernames to group policies. I'll post this question as a seperate post.

Many thanks!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: