Re: IOS SSLVPN AND ACTIVE DIRECTORY from Sadiq Yakasai on 2010-11-12 (Ccielab archives 11/2010)

From: Sadiq Yakasai <sadiqtanko_at_gmail.com>
Date: Fri, 12 Nov 2010 16:20:49 +0000

Yeah, I did not also see what was funny in that first email to be honest!

Sadiq

On Fri, Nov 12, 2010 at 3:44 PM, Joseph L. Brunner
<joe_at_affirmedsystems.com>wrote:

> Yes you can disabled "file" access!
>
>
> http://www.cisco.com/en/US/products/ps6496/products_configuration_example09186a008072aa7b.shtml#II1
>
> "Captain, I'm detecting much win in this sector"
>
>
> -Joe
>
> -----Original Message-----
> From: Beauty [mailto:fordownloadsccie_at_gmail.com]
> Sent: Friday, November 12, 2010 10:37 AM
> To: Joseph L. Brunner
> Cc: ccielab_at_groupstudy.com
> Subject: Re: IOS SSLVPN AND ACTIVE DIRECTORY
>
> Thanks Joe for the response ,
> Thanks for also laughing at my ignorance ,
> Also i want to know if the cisco secure desktop also prevents users
> from storing info accessed over the vpn on external devices like flash
> drives, external HDD , cd roms etc , if not is there any cisco or
> network solution for this.
>
>
>
> On 11/12/10, Joseph L. Brunner <joe_at_affirmedsystems.com> wrote:
> > LOL,
> >
> > Yeah quite easily;
> >
> > Simply configure the standard radius groups you always configure and
> expose
> > AD via radius in IAS in 2003 AD, or NPS in 2008
> >
> >
> > aaa authentication login msftad group radius
> >
> > aaa authorization network msftad group radius
> >
> > radius-server host 10.110.20.10 auth-port 1645 acct-port 1646 key 7
> > 0991430B2A5411001
> >
> > webvpn gateway somegw
> > webvpn context some-context
> > policy group some-policy
> > default-group-policy some-policy
> > aaa authentication list msftad
> > aaa authorization list msftad
> > gateway somegw
> >
> > then on AD setup the IAS/NPS (here is some notes for windows 2008
> server's
> > Network Policy Server (NPS)
> >
> >
> http://social.technet.microsoft.com/Forums/en/winserverNIS/thread/bfbbbae4-a280-4b3f-b214-02867b7d33e3
> >
> > -Joe
> >
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> > Beauty
> > Sent: Friday, November 12, 2010 10:07 AM
> > To: ccielab_at_groupstudy.com
> > Subject: OT: IOS SSLVPN AND ACTIVE DIRECTORY
> >
> > Hi All,
> > Is it possible to configure IOS sslvpn to authenticate users against
> > active directory , if yes can anyone provide suitable links.
> >
> > --
> > Warm Regards ,
> > Beauty
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> Warm Regards ,
> Beauty
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
CCIEx2 (R&S|Sec) #19963
Blogs and organic groups at http://www.ccie.net

Received on Fri Nov 12 2010 - 16:20:49 ART

This archive was generated by hypermail 2.2.0 : Sun Dec 05 2010 - 22:14:56 ART