I am setting up a 5520 ASA for a WebVPN clientless portal. This is for non-company, outside contractor access only.
The goal is to make it so each contractor will have their own very specific access to what is needed inside.
It looks like I can do this with a Web ACL, filtering on a URL or address / service, and then assign it to either a group policy or a DAP.
I will have the ASA pointing, using RADIUS, to an Entrust server for authentication with a one-time password.
The hang-up I'm having is how to uniquely identify the different contractors so they can only log in with their specific Group Policy / Tunnel Group / Web ACL, and not log in to any others and have their access. That is either if it's set up so they pick their specific group from the portal login page, or if using a DAP to dynamically assign it.
The old setup we had was just IPsec using the old VPN client. We would create the tunnel group and group policy for the contractor / company, provide them the PCF file with all the information, and have a VPN filter to only allow specific access.
I'm now just trying to figure out the best, most appropriate way to do this with the clientless portal and possibly the AnyConnect client.
Any recommendations / assistance would be appreciated.