Hi Eugene, I think you need to change
username admin privilege 15 password 0 cisco123 username user password 0 cisco To username admin@ADMIN privilege 15 password 0 cisco123 username user@USER password 0 cisco Regards, Mohamed Abdin On Tue, Aug 28, 2012 at 7:35 AM, Mike Rojas <[email protected]> wrote: > You will be able to login without the @.... but it will load only one > context. > > Mike. > ________________________________ > From: [email protected] > To: [email protected] > Date: Tue, 28 Aug 2012 05:28:14 +0000 > CC: [email protected] > > Subject: Re: [OSL | CCIE_Security] SSL VPN, one gateway, two contexts > > Hi Jason, > > I fixed it, it was in my email only. See config in the previous email > > > > Eugene > > > > From: Jason Madsen [mailto:[email protected]] > Sent: Monday, August 27, 2012 10:25 PM > To: Eugene Pefti > Cc: [email protected] > Subject: Re: [OSL | CCIE_Security] SSL VPN, one gateway, two contexts > > > > Hi Eugene, > > > > Your aaa authentication list name in your webvpn context does not match the > name identified in your aaa policy. Is that only in the email, or is it > that way on your real config as well? > > > > Jason > > > > > > On Mon, Aug 27, 2012 at 11:03 PM, Eugene Pefti <[email protected]> > wrote: > > Guys, > > Has anyone of you thoroughly tested what I said in the subject? > > I’m having a strange behavior of the web page when I try to login as a > member of different contexts. > > I have two contexts ADMIN and USER (see below config). They all use the same > gateway and to differentiate between them I use domain string. > > This is a minimalistic setup for webvpn without any group-policies just to > prove it as a concept. > > > > aaa new-model > > aaa authentication login SSLVPN local > > username admin privilege 15 password 0 cisco123 > > username user password 0 cisco > > > > crypto pki trustpoint SSL-GW-TP > > enrollment selfsigned > > revocation-check crl > > rsakeypair SSL-TP-KEY 1024 > > > > webvpn gateway SSLGW > > ip address 192.168.3.1 port 443 > > ssl trustpoint SSL-GW-TP > > logging enable > > inservice > > ! > > webvpn context ADMIN > > title "Admin Context" > > ssl authenticate verify all > > aaa authentication list SSL-GLOBAL > > gateway SSLGW domain admin > > inservice > > > > webvpn context USER > > title "User context" > > ssl authenticate verify all > > aaa authentication list SSL-GLOBAL > > gateway SSLGW domain user > > inservice > > > > Then I try to login to the web portal from the Test PC as > https://192.168.3.1/admin and see the page with my admin title (Admin > Context), login as admin and see the internal page with the same admin > context title. > > If I login as a user to https://192.168.3.1/user I see the same title on the > page (the one I supposed to see for admin) and I don’t see the user title. > Logging in as user and again see the title for admin user. > > > > Then I try to complicate things and introduce the domain part in the > authentication inside the context, i.e. “aaa authentication domain NAME” and > can’t login since then > > > > Now my contexts look like this: > > > > webvpn context ADMIN > > title "Admin Context" > > ssl authenticate verify all > > aaa authentication list SSL-GLOBAL > > aaa authentication domain admin > > gateway SSLGW domain admin > > inservice > > > > webvpn context USER > > title "User context" > > ssl authenticate verify all > > aaa authentication list SSL-GLOBAL > > aaa authentication domain user > > gateway SSLGW domain user > > inservice > > > > Any idea what’s wrong this time? > > > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > > > > _______________________________________________ For more information > regarding industry leading CCIE Lab training, please visit www.ipexpert.com > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
