If I am not wrong, you should use only 1 attribute: Tunnel-Group-Lock = TUNNEL_GROUP
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ref_extserver.html#wp1661512 On Wed, Feb 16, 2011 at 1:58 PM, Diego Cambronero < [email protected]> wrote: > Thank you very much Bruno. Do you have any link for the radius > configuration. I have been looking in cisco with no luck. > > > > > > > > [image: Firma ITS] > > > > *De:* Bruno [mailto:[email protected]] > *Enviado el:* Miércoles, 16 de Febrero de 2011 09:36 a.m. > *Para:* Diego Cambronero > *CC:* [email protected] > *Asunto:* Re: [OSL | CCIE_Security] SSL Anyconnect Question > > > > There are 2 ways, locally and by radius attributes. > The local way is under user attributes. You can tie a user with a > tunnel-group > username CISCO attributes > group-lock value TUNNEL-GROUP > > Under tunnel-group you would need your alias configuration > > tunnel-group TUNNEL-GROUP webvpn-attributes > group-alias ALIAS enable > > On Wed, Feb 16, 2011 at 12:14 PM, Diego Cambronero < > [email protected]> wrote: > > Anyone know if it is posible? > > > > > > > > Hi everybody, > > > > I have a question about SSL VPN. Is it posible to create an Anyconnect for > 2 different groups using local authentication but only permit the username1 > to Access the group-alias 1? > > > > I mean I have 2 different profiles for the anyconnect clients, I am > authenticating them locally and I do not want a user with Access to both > groups only one. > > > > Is there any way how this can be achived by modifying the username > attributes. > > > > > > > > I’m doing this in an ASA. > > > > > > > > [image: Firma ITS] > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > > > -- > Bruno Fagioli (by Jaunty Jackalope) > Cisco Security Professional > -- Bruno Fagioli (by Jaunty Jackalope) Cisco Security Professional
<<image001.jpg>>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
