RE: SSL VPN + CSD [7:137536]

From: Ryan West <rwest_at_zyedge.com>
Date: Tue, 24 Nov 2009 03:04:48 -0500

Manoj,

Set your mapped group-policy to this:

vpn-tunnel-protocol webvpn

That should restrict users in that group to only the clientless offering.

-ryan

From: manoj prajapati [mailto:manoj4784_at_gmail.com]
Sent: Tuesday, November 24, 2009 2:23 AM
To: Cisco certification
Cc: cisco_at_groupstudy.com; Ryan West
Subject: Re: SSL VPN + CSD [7:137536]

Hi,

Successfully done the integration with AD.
Is it possible that users from one group in AD should only be allowed to use
SSL?

Regards,
Manoj

On Wed, Nov 18, 2009 at 5:26 PM, Ryan West <rwest_at_zyedge.com> wrote:
Manoj,

Inline

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
manoj prajapati
Sent: Wednesday, November 18, 2009 5:38 AM

Hello Experts,

   I have configured SSL VPN + CSD (Cisco Secure Desktop) on an ASA 5510
device, and am successfully connecting from the outside world. But what I
want to achieve here is that authentication should be taken from Active
Directory instead of local authentication.

Can anybody shed some light on it?

Here is the configuration,

aaa-server kingkong protocol nt
aaa-server kingkong (inside) host 10.1.12.2
 nt-auth-domain-controller 10.1.12.2
aaa authentication enable console kingkong-ad LOCAL
aaa authentication telnet console kingkong-ad LOCAL
aaa authentication http console kingkong-ad LOCAL

---------

tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group kingkong-ad LOCAL

That should get you what you need. You should check out LDAP though, as you
can enforce a lot of policy decisions based on information you gather there.

-ryan

Received on Tue Nov 24 2009 - 03:04:48 ART
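
The LDAP-based mapping the thread points to, sketched as an added example that is not part of the original messages: an LDAP attribute map assigns members of one AD group to a group-policy limited to clientless SSL VPN, and everyone else lands in a no-access default. The names AD-LDAP, AD-GROUP-MAP, GP-CLIENTLESS and GP-NOACCESS, the DNs and the bind account are hypothetical; 10.1.12.2 and DefaultWEBVPNGroup come from the thread.

```cisco
! Added example. All names (AD-LDAP, AD-GROUP-MAP, GP-CLIENTLESS, GP-NOACCESS),
! DNs and the bind account are hypothetical; 10.1.12.2 and
! DefaultWEBVPNGroup are taken from the thread.
!
! Map the AD memberOf attribute to an ASA group-policy name.
! (Releases before 8.2 use IETF-Radius-Class instead of Group-Policy.)
ldap attribute-map AD-GROUP-MAP
 map-name memberOf Group-Policy
 map-value memberOf "CN=SSL-Users,OU=Groups,DC=example,DC=com" GP-CLIENTLESS
!
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 10.1.12.2
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,CN=Users,DC=example,DC=com
 ldap-login-password <BIND-PASSWORD-PLACEHOLDER>
 server-type microsoft
 ldap-attribute-map AD-GROUP-MAP
!
! Members of the mapped AD group get the clientless offering only.
group-policy GP-CLIENTLESS internal
group-policy GP-CLIENTLESS attributes
 vpn-tunnel-protocol webvpn
!
! Users with no matching map-value fall through to this policy,
! which permits zero sessions.
group-policy GP-NOACCESS internal
group-policy GP-NOACCESS attributes
 vpn-simultaneous-logins 0
!
tunnel-group DefaultWEBVPNGroup general-attributes
 authentication-server-group AD-LDAP
 default-group-policy GP-NOACCESS
```

The map-value string has to match the group DN returned in memberOf exactly, and a user's AD primary group does not appear in memberOf, so map on a dedicated security group.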

This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:29 ART