Re: [OSL | CCIE_Security] ASA remote access group-locj

[Tyson Scott]

It is the same function as IOS.  If a user is tied to a group then that user
is not allowed to authenticate to other tunnel-groups.

 

Regards,

 

Tyson Scott - CCIE #13513 R&S, Security, and SP

Managing Partner / Sr. Instructor - IPexpert, Inc.

Mailto:  <mailto:tsc...@ipexpert.com> tsc...@ipexpert.com

Telephone: +1.810.326.1444, ext. 208

Live Assistance, Please visit:  <http://www.ipexpert.com/chat>
www.ipexpert.com/chat

eFax: +1.810.454.0130

 

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
CCIE (R&S, Voice, Security & Service Provider) certification(s) with
training locations throughout the United States, Europe, South Asia and
Australia. Be sure to visit our online communities at
<http://www.ipexpert.com/communities> www.ipexpert.com/communities and our
public website at  <http://www.ipexpert.com/> www.ipexpert.com

 

From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Kingsley
Charles
Sent: Wednesday, May 26, 2010 7:10 AM
To: Johan Bornman
Cc: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] ASA remote access group-locj

 

Hi Johan

Actually, I sent it for clarification. Just wanted to understand what does
ASA's group-lock do?



With regards
Kings

On Wed, May 26, 2010 at 3:57 PM, Johan Bornman <jo...@isc.co.za> wrote:

Thanks for the share Kings.

 

From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Kingsley
Charles
Sent: 26 May 2010 10:10 AM


To: ccie_security@onlinestudylist.com

Subject: [OSL | CCIE_Security] ASA remote access group-locj

 

Hi all

This link explains that the group name sent by the client should match XXXX
of the group-lock value "XXXX"

http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/gh.html#wp175
5271

This link explains that the attribute 25 class OU=RemotePolicy field of the
user in Radius should match XXXX of group-lock value "XXXX".

With ASA local database authentication the "memberof" should match XXXX of
group-lock value "XXXX".

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_qanda_item091
86a00805b87d8.shtml#newqa



With regards
Kings

 


_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com