Yes. If you are doing it locally make sure to use the group-alias commands in the tunnel group and the user will select the group. Next you would need to add the attributes to the local users to restrict the groups they can authenticate to.
Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

From: Sumit Mahla [mailto:[email protected]]
Sent: Friday, May 07, 2010 2:51 PM
To: [email protected]; [email protected]
Subject: RE: [OSL | CCIE_Security] WEBVPN user restriction

Is it not possible locally on ASA? I think the mistake I made is that to enable filter value... I need to first enable filtering by using the function filter command... Am I right?

_____

From: [email protected]
To: [email protected]; [email protected]
Subject: RE: [OSL | CCIE_Security] WEBVPN user restriction
Date: Fri, 7 May 2010 14:31:13 -0400

You have to enable group-aliases and assign them to the tunnel groups. Then make sure you download the group-policy name from ACS to confirm the policies the users should receive.

Regards,
Tyson Scott

From: [email protected] [mailto:[email protected]] On Behalf Of Sumit Mahla
Sent: Friday, May 07, 2010 2:24 PM
To: [email protected]
Subject: Re: [OSL | CCIE_Security] WEBVPN user restriction

I defined vpn-group-policy under username attributes... I also defined the default group policy under the tunnel group... and applied the webtype ACL as filter value in the group policy.. still the below given restrictions are not working..

_____

From: [email protected]
To: [email protected]
Date: Fri, 7 May 2010 23:52:26 +0530
Subject: [OSL | CCIE_Security] WEBVPN user restriction

Hello All,

I want to restrict two particular users to 2 different tunnel-groups... And I also want these two tunnel groups to have different group URLs... Like if I access secureme.cisco.com, only user ciscosecure should be able to authenticate... and after authentication he should be able to access any device, and if I access securemenot.cisco.com then user ciscosecuremenot should be able to authenticate... and should only be able to access one device...

WebVPN is working.... but either of the two users is able to access through any of the group URLs, and after authentication the filter ACL is not applying any restriction.
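The local (non-ACS) setup discussed in this thread, written out as an added example that is not from any of the posters: each tunnel group gets its own group-url and group-alias, and each local user is pinned to one tunnel group and one group policy. Assumptions: ASA 8.x syntax, `group-lock` as the username attribute that restricts which tunnel group a user may authenticate to, and constructed names and address (TG_*, GP_*, ONE_DEVICE_ACL, 192.0.2.10).

```cisco
! Added example. TG_*, GP_*, ONE_DEVICE_ACL and 192.0.2.10 are constructed
! placeholders; hostnames and usernames are the ones from the original post.

! Webtype ACL: permit a single internal device, deny every other URL.
access-list ONE_DEVICE_ACL webtype permit url https://192.0.2.10/*
access-list ONE_DEVICE_ACL webtype deny url any

! Unrestricted policy for ciscosecure (no webtype filter applied).
group-policy GP_FULL internal

! Restricted policy: the filter is set in the policy's webvpn sub-mode.
group-policy GP_ONE_DEVICE internal
group-policy GP_ONE_DEVICE attributes
 webvpn
  filter value ONE_DEVICE_ACL

! One tunnel group per URL, each with its own default policy.
tunnel-group TG_SECUREME type remote-access
tunnel-group TG_SECUREME general-attributes
 default-group-policy GP_FULL
tunnel-group TG_SECUREME webvpn-attributes
 group-alias secureme enable
 group-url https://secureme.cisco.com enable

tunnel-group TG_SECUREMENOT type remote-access
tunnel-group TG_SECUREMENOT general-attributes
 default-group-policy GP_ONE_DEVICE
tunnel-group TG_SECUREMENOT webvpn-attributes
 group-alias securemenot enable
 group-url https://securemenot.cisco.com enable

! Show the alias list on the login page so the user can select the group.
webvpn
 tunnel-group-list enable

! Pin each local user to one tunnel group and one policy. With group-lock,
! a login arriving through the other tunnel group is rejected.
username ciscosecure attributes
 vpn-group-policy GP_FULL
 group-lock value TG_SECUREME
username ciscosecuremenot attributes
 vpn-group-policy GP_ONE_DEVICE
 group-lock value TG_SECUREMENOT
```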
