Typically when IOS receives the username it should strip the @ and use the string after @ to identify the group the user belongs to. I would think that aaa authentication domain CTX_A should suffice. Did you test?
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Vybhav Ramachandran Sent: Monday, June 07, 2010 6:54 AM To: OSL Security Subject: [OSL | CCIE_Security] Group locking in WEBVPN Hello All, I just faced a task which said , user X should not be allowed to join any other webvpn context other than context CTX_A . This involved 2 commands "aaa authentication domain @CTX_A" and " aaa authentication domain CTX_A" I didn't understand the concept. Could someone please explain? Cheers and Thanks, TacACK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
