RE: IOS SSLVPN AND ACTIVE DIRECTORY from Joseph L. Brunner on 2010-11-12 (Ccielab archives 11/2010)

From: Joseph L. Brunner <joe_at_affirmedsystems.com>
Date: Fri, 12 Nov 2010 10:44:30 -0500

Yes you can disabled "file" access!

http://www.cisco.com/en/US/products/ps6496/products_configuration_example09186a008072aa7b.shtml#II1

"Captain, I'm detecting much win in this sector"

-Joe

-----Original Message-----
From: Beauty [mailto:fordownloadsccie_at_gmail.com]
Sent: Friday, November 12, 2010 10:37 AM
To: Joseph L. Brunner
Cc: ccielab_at_groupstudy.com
Subject: Re: IOS SSLVPN AND ACTIVE DIRECTORY

Thanks Joe for the response ,
Thanks for also laughing at my ignorance ,
Also i want to know if the cisco secure desktop also prevents users
from storing info accessed over the vpn on external devices like flash
drives, external HDD , cd roms etc , if not is there any cisco or
network solution for this.

On 11/12/10, Joseph L. Brunner <joe_at_affirmedsystems.com> wrote:
> LOL,
>
> Yeah quite easily;
>
> Simply configure the standard radius groups you always configure and expose
> AD via radius in IAS in 2003 AD, or NPS in 2008
>
>
> aaa authentication login msftad group radius
>
> aaa authorization network msftad group radius
>
> radius-server host 10.110.20.10 auth-port 1645 acct-port 1646 key 7
> 0991430B2A5411001
>
> webvpn gateway somegw
> webvpn context some-context
> policy group some-policy
> default-group-policy some-policy
> aaa authentication list msftad
> aaa authorization list msftad
> gateway somegw
>
> then on AD setup the IAS/NPS (here is some notes for windows 2008 server's
> Network Policy Server (NPS)
>
> http://social.technet.microsoft.com/Forums/en/winserverNIS/thread/bfbbbae4-a280-4b3f-b214-02867b7d33e3
>
> -Joe
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Beauty
> Sent: Friday, November 12, 2010 10:07 AM
> To: ccielab_at_groupstudy.com
> Subject: OT: IOS SSLVPN AND ACTIVE DIRECTORY
>
> Hi All,
> Is it possible to configure IOS sslvpn to authenticate users against
> active directory , if yes can anyone provide suitable links.
>
> --
> Warm Regards ,
> Beauty
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
Warm Regards ,
Beauty
Blogs and organic groups at http://www.ccie.net

Received on Fri Nov 12 2010 - 10:44:30 ART

This archive was generated by hypermail 2.2.0 : Sun Dec 05 2010 - 22:14:56 ART