I think you can match any field on the certificate you want by doing "crypto ca
certificate map NAME #number", and then if the user is using the CN field to
introduce itself, you can match it. Then just enable the tunnel group
policy RULES and attach this certificate map to it. It would work fine.

On Tue, Aug 3, 2010 at 8:33 AM, Kamran Shakil <[email protected]> wrote:

> Dears,
> As I was practicing the whole day today through ACLs on routers and ASA, I just got
> a question in my mind.
>
> Suppose I have a VPN and a remote user is connecting; I have two
> options to give him for authentication (preshared key or certificate).
>
> If the remote person is not using a preshared key but rather a certificate, and I wanna
> block some of my certificate users while allowing the rest of the users, is it
> possible? I heard Cisco has made some technique for such scenarios?
>
> Kingsly, Tyson ... anyone please? :)
>
> regards,
> Kamran Shakil
> ITA NDC Operations Engineer
> Cisco - IT Advance Services Team
> MidEast Data Systems LLC Oman
> Cell: + 968 95804126
> Office: + 968 24576640



-- 
Bruno Fagioli (by Jaunty Jackalope)
Cisco Security Professional
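
What the reply describes, written out as an ASA configuration; this is an added example, not part of the original thread. The map, tunnel-group and group-policy names and the CN values are hypothetical, and turning the match into a block by mapping those users to a group policy with `vpn-simultaneous-logins 0` is an assumption.

```cisco
! Constructed example: all names and CN values below are hypothetical.
! Rules are evaluated in ascending sequence order; the first match wins.

! 1. Match the certificates to be blocked on the subject CN.
crypto ca certificate map CERT-USERS 10
 subject-name attr cn eq blocked-user1
crypto ca certificate map CERT-USERS 20
 subject-name attr cn eq blocked-user2

! 2. A group policy that refuses every session (assumed deny mechanism).
group-policy GP-DENY internal
group-policy GP-DENY attributes
 vpn-simultaneous-logins 0

! 3. Tunnel group that the blocked certificates land in.
tunnel-group TG-DENY type remote-access
tunnel-group TG-DENY general-attributes
 default-group-policy GP-DENY

! 4. Turn on certificate-map rules for tunnel-group selection and
!    attach each map entry to the deny tunnel group.
tunnel-group-map enable rules
tunnel-group-map CERT-USERS 10 TG-DENY
tunnel-group-map CERT-USERS 20 TG-DENY

! 5. Certificates that match no rule fall through to the normal
!    remote-access group (TG-VPN-USERS is assumed to exist already).
tunnel-group-map default-group TG-VPN-USERS
```

Matching on CN blocks by name only; a certificate that should no longer be trusted at all is handled by revoking it at the CA and having the ASA check revocation.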