Hi,
1. If the bookmark uses FQDNs and not IP addresses, the ASA needs to resolve
those names, so configure DNS servers on the ASA.
2. You can achieve this by configuring multiple group-policies on the ASA and,
based on the ACS group, returning in the RADIUS authorization the group-policy
name to be used for that session; another option would be to return in the
RADIUS authorization the name of the URL-list. In both cases I would also
apply a webvpn ACL to make sure the user is allowed access only to what is
visible in the portal.
See here the attributes you can use:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/ref_extserver.html#wp1778634
Regards,
Cristian.
On 05/03/14 13:38, "Prince Emirate" <begeieia_at_googlemail.com> wrote:
>Hello guys,
>
>I need your help please... I'm configuring SSL VPN for a customer which
>required authentication with ACS using RSA.
>
>These are some of the few challenges I have currently:
>
>1. I configured SSL VPN and created a bookmark entry to a server URL. The SSL
>VPN is working fine, but when you click on the URL it's not working.
>Previously we had client SSL configured, so I used the VPN profile on the
>ASA for SSL (Client SSL and Clientless SSL).
>
>2. Is there a way to restrict SSL bookmark URL access such that a user
>belonging to a particular group on the ACS who authenticates should only see
>the URLs on the bookmark available to him, not all the URLs, so that I can
>assign the bookmark URL per group?
>
>All input will be highly appreciated.
>
>
>ABDULLAHI BEGE
>Snr. Network Engineer.
>CCIE# 37630 RnS.
>
>
>Blogs and organic groups at http://www.ccie.net
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
Received on Wed Mar 05 2014 - 05:55:48 ART
This archive was generated by hypermail 2.2.0 : Thu Apr 03 2014 - 17:12:31 ART
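
The setup described in the reply above, sketched as an ASA configuration fragment. This is an added example, not part of the original thread; the interface name `inside`, the addresses, the group names, the URLs and the bookmark lists `SALES-BOOKMARKS` and `HR-BOOKMARKS` (assumed to exist on the ASA already) are placeholders.

```cisco
! Constructed example: every name, address and URL below is a placeholder.
!
! 1. Let the ASA resolve FQDN bookmarks.
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 192.0.2.53
 domain-name example.com
!
! 2. One web-type ACL per group, permitting only that group's bookmarked
!    URLs, so a user cannot reach a URL that is hidden from the portal.
access-list SALES-WEBACL webtype permit url https://sales.example.com/*
access-list SALES-WEBACL webtype deny url any
access-list HR-WEBACL webtype permit url https://hr.example.com/*
access-list HR-WEBACL webtype deny url any
!
! 3. One group-policy per ACS group, each with its own bookmark list
!    and its own web ACL.
group-policy SALES internal
group-policy SALES attributes
 webvpn
  url-list value SALES-BOOKMARKS
  filter value SALES-WEBACL
!
group-policy HR internal
group-policy HR attributes
 webvpn
  url-list value HR-BOOKMARKS
  filter value HR-WEBACL
!
! 4. On the ACS side, each group returns the group-policy name in the
!    RADIUS authorization, e.g. IETF attribute 25 (Class) set to:
!      OU=SALES;      for the sales group
!      OU=HR;         for the HR group
!    The ASA then applies the matching group-policy to that session.
```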