05-14-2011 08:43 PM
Dear All,
I would like to ask some question about VPN clinet and SSL VPN, on my ASA 5510 i have many tunnel-group it have around 5 tunnel-group and i have one SSL VPN,i also have user 20 user. let me show you that:
1- tunnel-group Staff-VPN remote-access
2- tunnel-group Manager-VPN remote-access
3- tunnel-group normalstaff-VPN remote-access
4- tunnel-group guest-VPN remote-access
5- tunnel-group other-VPN remote-access
and
tunnel-group sslgroup type remote-access
and i have user around 20 user and i want to specific user to tunnel-groups like this
1- tunnel-group Staff-VPN remote-access
username AAA password AAA
username AAA01 password AA01
2- tunnel-group Manager-VPN remote-access
username BBB password BBB
username BBB01 password BBB01
3- tunnel-group normalstaff-VPN remote-access
username CCC password CCC
username CCC01 password CCC01
5- tunnel-group other-VPN remote-access
username DDD password DDD
username DDD01 password DDD01
So, How can i manag tunel-groups with user?
Best Regards,
Rechard
05-14-2011 11:26 PM
Hi,
There is no way to differenciate between users in the Tunnel_groups of the Security Appliance local Database. Since those users credentials in the local ASA database, then , you just provide the credentials to the specified users.
HTH
Mohamed
06-11-2011 11:35 PM
Hi,
You can try the group lock feature for the user. This will enable the user to connect to only that one tunnel group and no other tunnel group.
The following link states:
group-policy RemotePolicy internal
group-policy RemotePolicy attributes
dns-server value x.x.x.x
group-lock value RemoteGroup
tunnel-group RemoteGroup type ipsec-ra
tunnel-group RemoteGroup general-attributes
address-pool cisco
authentication-server-group R...Note: OU sets the group policy, and the group policy locks the user into the preferred tunnel-group.
Hope this helps.
Regards,
Anisha
P.S.:pleae mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
06-12-2011 11:11 AM
Hi,
Corrrect, check this discussion if still have doubts:
https://supportforums.cisco.com/message/3372206#3372206
Regards.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide