Re: IOS SSLVPN AND ACTIVE DIRECTORY

Is there a way to limit bandwidth and number of users utilizing the
sslvpn connection , i am thinking QOS policing inbound , is dat a
valid solution and does anyone have other ideas

On 11/12/10, Beauty <fordownloadsccie_at_gmail.com> wrote:
> Thanks a lot Joe , its very clear now
>
> On 11/12/10, Joseph L. Brunner <joe_at_affirmedsystems.com> wrote:
>> Block using devices like usb flash hd's, external hd, etc.
>>
>> -----Original Message-----
>> From: Beauty [mailto:fordownloadsccie_at_gmail.com]
>> Sent: Friday, November 12, 2010 10:58 AM
>> To: Joseph L. Brunner
>> Subject: Re: IOS SSLVPN AND ACTIVE DIRECTORY
>>
>> please can you explain what you mean by "file" access , i am quite
>> new in the cisco security world.
>>
>> so pardon my ignorance.
>>
>> On 11/12/10, Joseph L. Brunner <joe_at_affirmedsystems.com> wrote:
>>> Yes you can disabled "file" access!
>>>
>>> http://www.cisco.com/en/US/products/ps6496/products_configuration_example09186a008072aa7b.shtml#II1
>>>
>>> "Captain, I'm detecting much win in this sector"
>>>
>>>
>>> -Joe
>>>
>>> -----Original Message-----
>>> From: Beauty [mailto:fordownloadsccie_at_gmail.com]
>>> Sent: Friday, November 12, 2010 10:37 AM
>>> To: Joseph L. Brunner
>>> Cc: ccielab_at_groupstudy.com
>>> Subject: Re: IOS SSLVPN AND ACTIVE DIRECTORY
>>>
>>> Thanks Joe for the response ,
>>> Thanks for also laughing at my ignorance ,
>>> Also i want to know if the cisco secure desktop also prevents users
>>> from storing info accessed over the vpn on external devices like flash
>>> drives, external HDD , cd roms etc , if not is there any cisco or
>>> network solution for this.
>>>
>>>
>>>
>>> On 11/12/10, Joseph L. Brunner <joe_at_affirmedsystems.com> wrote:
>>>> LOL,
>>>>
>>>> Yeah quite easily;
>>>>
>>>> Simply configure the standard radius groups you always configure and
>>>> expose
>>>> AD via radius in IAS in 2003 AD, or NPS in 2008
>>>>
>>>>
>>>> aaa authentication login msftad group radius
>>>>
>>>> aaa authorization network msftad group radius
>>>>
>>>> radius-server host 10.110.20.10 auth-port 1645 acct-port 1646 key 7
>>>> 0991430B2A5411001
>>>>
>>>> webvpn gateway somegw
>>>> webvpn context some-context
>>>> policy group some-policy
>>>> default-group-policy some-policy
>>>> aaa authentication list msftad
>>>> aaa authorization list msftad
>>>> gateway somegw
>>>>
>>>> then on AD setup the IAS/NPS (here is some notes for windows 2008
>>>> server's
>>>> Network Policy Server (NPS)
>>>>
>>>> http://social.technet.microsoft.com/Forums/en/winserverNIS/thread/bfbbbae4-a280-4b3f-b214-02867b7d33e3
>>>>
>>>> -Joe
>>>>
>>>> -----Original Message-----
>>>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>>>> Beauty
>>>> Sent: Friday, November 12, 2010 10:07 AM
>>>> To: ccielab_at_groupstudy.com
>>>> Subject: OT: IOS SSLVPN AND ACTIVE DIRECTORY
>>>>
>>>> Hi All,
>>>> Is it possible to configure IOS sslvpn to authenticate users against
>>>> active directory , if yes can anyone provide suitable links.
>>>>
>>>> --
>>>> Warm Regards ,
>>>> Beauty
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Warm Regards ,
>>> Beauty
>>>
>>
>>
>> --
>> Warm Regards ,
>> Beauty
>>
>
>
> --
> Warm Regards ,
> Beauty
>

-- 
Warm Regards ,
Beauty
Blogs and organic groups at http://www.ccie.net