10-11-2005 07:45 PM
Does anyone know if it is possible to allow different access to groups that connect via the SSL VPN clients.
If I understand the Concentrators documentation correctly, all SSL thick client and webVPN users fall under the Base group, there's no method to apply differentiated access to separate groups or individuals such as there is when using IPSEC.
If that is true then I would say that's a significant limitation of Cisco's current SSL VPN implementation.
10-17-2005 06:16 AM
You cannot differentiate between groups as they all fall under basegroup.
02-07-2006 08:49 AM
Its posible,
use RADIUS server and atribute 25
ou=groupname
You must create group on VPN3000 and configure RADIUS
to match this group.
02-08-2006 01:05 PM
Yes but this is after initial RADIUS authentication which is defined att the global system level.
I have a problem having one SSL group only accessing webservers. In this group it is sufficient with username/password authencation. Then we have a SSL group for technicians that have all kind of TCP/IP access to the network. I want to authenticate these users with another RADIUS server that has build in OTP support. As far as I know this is impossible.
Rutger
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide