Not sure about the fail, but you can do the same thing using the alias, so the user would go to the URL https://ASA-ip/SSL. This would then lock them to the group.

From: [email protected] [mailto:[email protected]] On Behalf Of Derek
Sent: 17 November 2011 19:05
To: [email protected]
Subject: [OSL | CCIE_Security] ASA Webvpn Tunnel Group Association..

I can get the user to bind to a particular tunnel group based on a drop down menu no problem. But I want to do this same concept w/o the user selecting a group from the drop down and just bind his username to a group within the config. It's still going to the defaultWEBVPNgroup and the user fails to login...why?

webvpn
 enable inside
group-policy admins internal
group-policy admins attributes
 banner value Welcome-Admins
 vpn-tunnel-protocol webvpn
 group-lock value SSL
username admin password f3UhLvUj1QsXsuK7 encrypted privilege 15
username admin attributes
 vpn-group-policy admins
 group-lock value SSL
tunnel-group SSL type remote-access
tunnel-group SSL general-attributes
 default-group-policy admins
tunnel-group SSL webvpn-attributes
 group-alias admins enable

debug

%ASA-6-113008: AAA transaction status ACCEPT : user = admin
%ASA-7-734003: DAP: User admin, Addr 192.168.2.15: Session Attribute aaa.cisco.grouppolicy = admins
%ASA-7-734003: DAP: User admin, Addr 192.168.2.15: Session Attribute aaa.cisco.class = admins
%ASA-7-734003: DAP: User admin, Addr 192.168.2.15: Session Attribute aaa.cisco.username = admin
%ASA-7-734003: DAP: User admin, Addr 192.168.2.15: Session Attribute aaa.cisco.tunnelgroup = DefaultWEBVPNGroup
%ASA-6-734001: DAP: User admin, Addr 192.168.2.15, Connection Clientless: The following DAP records were selected for this connection: DfltAccessPolicy
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_login_transcend_cert_auth_cookie: tg_cookie = NULL, tg_name =
webvpn_login_set_auth_group_type: WEBVPN_AUTH_GROUP_TYPE = 4
webvpn_remove_auth_handle: SESS_Mgmt_FreeSession(0x00026000) (38)
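An added example, not part of the thread and not Cisco code: a Python check that reads per-user `group-lock` values from a config excerpt and the `aaa.cisco.tunnelgroup` attribute from DAP 734003 debug lines, then reports sessions that landed in a tunnel group other than the one the user is locked to (here `SSL` versus `DefaultWEBVPNGroup`). The sample config and log text are constructed from the lines quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample input, adapted from the config and debug quoted in the thread.
CONFIG = """\
group-policy admins attributes
 group-lock value SSL
username admin attributes
 vpn-group-policy admins
 group-lock value SSL
"""
LOGS = """\
%ASA-6-113008: AAA transaction status ACCEPT : user = admin
%ASA-7-734003: DAP: User admin, Addr 192.168.2.15<http://192.168.2.15>: Session Attribute aaa.cisco.grouppolicy = admins
%ASA-7-734003: DAP: User admin, Addr 192.168.2.15: Session Attribute aaa.cisco.tunnelgroup = DefaultWEBVPNGroup
"""
# 734003 line; tolerates the "<http://...>" a mail client appends to the address.
DAP_RE = re.compile(
    r"%ASA-7-734003: DAP: User (?P<user>\S+), Addr (?P<addr>[\d.]+)"
    r"(?:<[^>]*>)?: Session Attribute aaa\.cisco\.(?P<key>\w+) = (?P<val>\S+)"
)

def user_group_locks(config):
    """Map username -> group-lock value, reading only 'username X attributes' blocks."""
    locks, user = {}, None
    for line in config.splitlines():
        top = re.match(r"username (\S+) attributes\s*$", line)
        lock = re.match(r"\s+group-lock value (\S+)", line)
        if not line.startswith(" "):      # an unindented line opens a new block
            user = top.group(1) if top else None
        elif user and lock:
            locks[user] = lock.group(1)
    return locks

def session_attrs(logs):
    """Collect aaa.cisco.* session attributes per (user, addr)."""
    sessions = {}
    for m in DAP_RE.finditer(logs):
        sessions.setdefault((m["user"], m["addr"]), {})[m["key"]] = m["val"]
    return sessions

def group_lock_mismatches(config, logs):
    """Return (user, addr, locked_group, landed_group) where the two differ."""
    locks = user_group_locks(config)
    return [(u, a, locks[u], s["tunnelgroup"])
            for (u, a), s in sorted(session_attrs(logs).items())
            if u in locks and s.get("tunnelgroup") not in (None, locks[u])]

if __name__ == "__main__":
    print(group_lock_mismatches(CONFIG, LOGS))
```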
