You have to enable group-alias's and assign them to the tunnel groups. Then make sure you download the group-policy name from ACS to confirm the policies the users should recieve.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: [email protected] [mailto:[email protected]] On Behalf Of Sumit Mahla Sent: Friday, May 07, 2010 2:24 PM To: [email protected] Subject: Re: [OSL | CCIE_Security] WEBVPN user restriction i defined vpn-group-policy under username attributes... i also defined the default group policy under tunnel group... and applied the webtype acl as filter value in the group policy.. still the below given restrictions are not working.. _____ From: [email protected] To: [email protected] Date: Fri, 7 May 2010 23:52:26 +0530 Subject: [OSL | CCIE_Security] WEBVPN user restriction Hello All, i want to restrict two particular users to 2 different tunnel-groups... And i also want that these two tunnel group should have different group url... Like if i one secureme.cisco.com only user ciscosecure should be able to authenticate... and after authentication he shouls be able to able to access any device and if i access securemenot.cisco.com then user ciscosecuremenot should be able to authenticate... and should only be able to access one device... webvpn is working.... but the either of the two user's are able to access through any of the group url and after authentication the filter acl is not applying any restriction _____ Catch the changing security environment Get it now. <http://news.in.msn.com/internalsecurity/> _____ The latest auto launches and test drives Drag n' drop <http://autos.in.msn.com/>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
