06-02-2011 03:48 PM
I have two SSL VPN profiles. Can I restrict users to accessing only one SSL VPN profile when they get the SSL VPN service page? For each profile I created a different type of access, and they will get different client IP addresses.
06-02-2011 05:28 PM
Hi,
Yes, in many different ways; one of them is by using group-lock, which is a simple check to validate whether the Tunnel Group (or Connection Profile, as you called it) you connect with matches what you have defined under the group-policy. If the Tunnel-Group-Lock value matches (true condition), the VPN remote access session is allowed to set up; otherwise the session is not allowed to establish.
The tunnel-group-lock feature can be set in the following ways:
http://www.cisco.com/en/US/partner/docs/security/asa/asa82/configuration/guide/vpngrp.html#wp1134870
***Step 4
Regards,
06-02-2011 05:53 PM
Thanks. I created local users in the ASA; I am not using an LDAP or RADIUS server. Will I still be able to use the group-lock command?
06-02-2011 07:01 PM
Yes, absolutely.
06-02-2011 08:54 PM
Hi,
You can do that.
e.g.
username cisco password cisco
username cisco attributes
 group-lock value <tunnel-group-name>
Hope this helps.
Regards,
Anisha
P.S.: Please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
06-03-2011 08:47 AM
With your help I am able to find the answer.
username cisco password cisco
username cisco attributes
 service-type remote-access
group-policy VPN_Inside attributes
 group-lock value VPN_Inside
Thank you all.
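An added example, not part of the thread and not Cisco tooling: a Python check that reads ASA-style configuration text and reports local users for whom no group-lock resolves. It assumes the precedence "user attributes first, then the group-policy assigned with vpn-group-policy"; the sample config, user names and function names are constructed for illustration, and connection-profile default policies and DfltGrpPolicy are not modelled.

```python
# Constructed ASA-style config for illustration (not from the thread).
SAMPLE_CONFIG = """\
group-policy VPN_Inside internal
group-policy VPN_Inside attributes
 group-lock value VPN_Inside
group-policy VPN_Guest internal
group-policy VPN_Guest attributes
 dns-server value 192.0.2.53
username alice password REDACTED
username alice attributes
 vpn-group-policy VPN_Inside
username bob password REDACTED
username bob attributes
 group-lock value VPN_Guest
username carol password REDACTED
username carol attributes
 vpn-group-policy VPN_Guest
username dave password REDACTED
"""

def parse(config):
    """Collect group-lock values per group-policy and per local user."""
    policy_locks, users, ctx = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):  # top-level command ends any submode
            ctx = None
            if words[0] in ("group-policy", "username") and len(words) >= 2:
                if words[0] == "username":
                    users.setdefault(words[1], {"lock": None, "policy": None})
                if words[2:] == ["attributes"]:
                    ctx = (words[0], words[1])
        elif ctx and words[:2] == ["group-lock", "value"] and len(words) == 3:
            if ctx[0] == "group-policy":
                policy_locks[ctx[1]] = words[2]
            else:
                users[ctx[1]]["lock"] = words[2]
        elif ctx and ctx[0] == "username" and words[0] == "vpn-group-policy" and len(words) == 2:
            users[ctx[1]]["policy"] = words[1]
    return policy_locks, users

def effective_locks(config):
    """Assumed precedence: the user's own group-lock, then the assigned policy's."""
    policy_locks, users = parse(config)
    return {u: a["lock"] or policy_locks.get(a["policy"]) for u, a in users.items()}

def unpinned_users(config):
    """Users for whom no group-lock could be resolved from the config."""
    return sorted(u for u, lock in effective_locks(config).items() if lock is None)
```

Users reported by `unpinned_users` have neither their own group-lock nor an assigned group-policy that carries one, so they are the accounts to review against the connection profiles they should be limited to.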
06-03-2011 09:50 AM
Hi,
That is nice. Please mark this thread as answered so that others can benefit from your post.
Regards,
Anisha
06-05-2011 09:29 PM
Right, remember to rate the posts that help you and mark your questions as resolved if you don't need further help.