Hi Eugene,

Your aaa authentication list name in your webvpn context does not match the name identified in your aaa policy. Is that only in the email, or is it that way on your real config as well?

Jason

On Mon, Aug 27, 2012 at 11:03 PM, Eugene Pefti <[email protected]> wrote:

> Guys,
>
> Has anyone of you thoroughly tested what I said in the subject?
>
> I’m having a strange behavior of the web page when I try to login as a
> member of different contexts.
>
> I have two contexts ADMIN and USER (see below config). They all use the
> same gateway and to differentiate between them I use domain string.
>
> This is a minimalistic setup for webvpn without any group-policies just to
> prove it as a concept.
>
> aaa new-model
> aaa authentication login SSLVPN local
> username admin privilege 15 password 0 cisco123
> username user password 0 cisco
>
> crypto pki trustpoint SSL-GW-TP
>  enrollment selfsigned
>  revocation-check crl
>  rsakeypair SSL-TP-KEY 1024
>
> webvpn gateway SSLGW
>  ip address 192.168.3.1 port 443
>  ssl trustpoint SSL-GW-TP
>  logging enable
>  inservice
> !
> webvpn context ADMIN
>  title "Admin Context"
>  ssl authenticate verify all
>  aaa authentication list SSL-GLOBAL
>  gateway SSLGW domain admin
>  inservice
>
> webvpn context USER
>  title "User context"
>  ssl authenticate verify all
>  aaa authentication list SSL-GLOBAL
>  gateway SSLGW domain user
>  inservice
>
> Then I try to login to the web portal from the Test PC as
> https://192.168.3.1/admin and see the page with my admin title (Admin
> Context), login as admin and see the internal page with the same admin
> context title.
>
> If I login as a user to https://192.168.3.1/user I see the same title on
> the page (the one I supposed to see for admin) and I don’t see the user
> title. Logging in as user and again see the title for admin user.
>
> Then I try to complicate things and introduce the domain part in the
> authentication inside the context, i.e. “aaa authentication domain NAME”
> and can’t login since then
>
> Now my contexts look like this:
>
> webvpn context ADMIN
>  title "Admin Context"
>  ssl authenticate verify all
>  aaa authentication list SSL-GLOBAL
>  aaa authentication domain admin
>  gateway SSLGW domain admin
>  inservice
>
> webvpn context USER
>  title "User context"
>  ssl authenticate verify all
>  aaa authentication list SSL-GLOBAL
>  aaa authentication domain user
>  gateway SSLGW domain user
>  inservice
>
> Any idea what’s wrong this time?
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
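Added example, not part of the original thread or any Cisco tooling: a small Python check for the mismatch Jason points out, confirming that every `aaa authentication list` named inside a `webvpn context` is defined by a global `aaa authentication login` line. The function name and the trimmed sample configuration are constructed for illustration, and the parser only understands the three command forms shown.

```python
import re

# Constructed sample: the configuration quoted in the thread,
# reduced to the lines that matter for the AAA list reference.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login SSLVPN local
webvpn gateway SSLGW
 ip address 192.168.3.1 port 443
 inservice
!
webvpn context ADMIN
 aaa authentication list SSL-GLOBAL
 gateway SSLGW domain admin
 inservice
webvpn context USER
 aaa authentication list SSL-GLOBAL
 gateway SSLGW domain user
 inservice
"""


def undefined_aaa_lists(config):
    """Return (context, list_name) pairs whose list name has no matching
    'aaa authentication login <name>' definition anywhere in the config."""
    defined, refs, context = set(), [], None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate configs whose indentation was lost
        if m := re.match(r"aaa authentication login (\S+)", line):
            defined.add(m.group(1))
        elif m := re.match(r"webvpn context (\S+)", line):
            context = m.group(1)
        elif line == "!" or line.startswith("webvpn "):
            context = None  # simplification: these lines end a context block
        elif context and (m := re.match(r"aaa authentication list (\S+)", line)):
            refs.append((context, m.group(1)))
    # Filter at the end so definitions may appear after the references.
    return [(ctx, name) for ctx, name in refs if name not in defined]


if __name__ == "__main__":
    for ctx, name in undefined_aaa_lists(SAMPLE_CONFIG):
        print(f"context {ctx}: list {name!r} has no 'aaa authentication login' definition")
```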
