09-11-2013 09:32 PM
We are going to enable VPN access on ASA5585X. We would like to have the same web login page for all users.
By authenticating the user against an ISE, which forwards the authentication request to Active Directory servers, a specific web portal page is presented to different groups of users. Can it be accomplished on the ASA using dynamic access policies? Or any other workaround?
Thanks a lot.
09-11-2013 10:11 PM
Hello Daniel,
So you want to show the login page for any user even if they belong to different tunnel-groups?
Is that what you are asking?
I think that you could use group-locks, and with that you will bypass any drop-down list; just make sure the banners, etc. information is the same for all of them!
Not sure if that was what you were asking...
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com
Any question contact me at jcarvaja@laguiadelnetworking.com
Cheers,
Julio Carvajal Segura
09-11-2013 11:30 PM
Yes I want all users to see the same login page even if they belong to different tunnel-groups.
After logging in they would only see resources that they are allowed to access.
The user accounts are all in Active Directory. Can I still use group locks?
09-12-2013 09:00 AM
Hello Daniel,
Yes, you should.
Here is one discussion about group-locks via ACS (I know you are using ISE). You can see at least the logic behind it and the attribute values being mapped.
https://supportforums.cisco.com/thread/2063181
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com
Any question contact me at jcarvaja@laguiadelnetworking.com
Cheers,
Julio Carvajal Segura