Authenticating with digital certificates, Assigning users to group policies, Using the security appliance authentication server – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Creating and Applying Clientless SSL VPN Policies for Accessing Resources

You can type a string consisting of up to 40 characters, and equal to one of the valid character sets identified in http://www.iana.org/assignments/character-sets. You can use either the name or the alias of a character set listed on that page. The string is case-insensitive. The command interpreter converts upper-case to lower-case when you save the ASA configuration.

Note

Authenticating with Digital Certificates

Clientless SSL VPN users that authenticate using digital certificates do not use global authentication and authorization settings. Instead, they use an authorization server to authenticate once the certificate validation occurs. For more information on authentication and authorization using digital certificates, see the “Using Certificates and User Login Credentials” section on page 35-9.

Creating and Applying Clientless SSL VPN Policies for Accessing Resources

Creating and applying policies for clientless SSL VPN that govern access to resources at the central site
includes the following task:

Assigning Users to Group Policies

Chapter 67, “Configuring Connection Profiles, Group Policies, and Users” includes step-by-step instructions for all of these tasks.

Assigning Users to Group Policies

Assigning users to group policies simplifies the configuration by letting you apply policies to many users. You can use an internal authentication server on the ASA or an external RADIUS or LDAP server to assign users to group policies. See Chapter 67, “Configuring Connection Profiles, Group Policies, and Users” for a thorough explanation of ways to simplify configuration with group policies.

Using the Security Appliance Authentication Server

You can configure users to authenticate to the ASA internal authentication server, and assign these users
to a group policy on the ASA.

Using a RADIUS Server

To use a RADIUS server to authenticate users and assign them to group policies, follow these steps:

Step 1

Authenticate the user with RADIUS and use the Class attribute to assign that user to a particular group policy.

Step 2

Set the Class attribute to the group policy name in the format OU=group_name.
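
The following Python code is an added example, not part of the Cisco guide: it parses the Class attribute (RADIUS type 25) out of an Access-Accept and checks that an OU=group_name value names an expected group policy, which helps catch a misspelled value on the RADIUS server. The policy name Engineering, the constructed sample packet, and the exact-match comparison are assumptions; the code does not verify the Response Authenticator.

```python
import struct
from typing import List, Optional, Set

CLASS = 25         # RADIUS Class attribute type (RFC 2865)
ACCESS_ACCEPT = 2  # RADIUS packet code for Access-Accept

def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    if len(value) > 253:
        raise ValueError("attribute value longer than 253 bytes")
    return bytes([attr_type, len(value) + 2]) + value

def class_values(packet: bytes) -> List[bytes]:
    """Return the value of every Class attribute in an Access-Accept."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    values, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("attribute length out of range")
        if attr_type == CLASS:
            values.append(packet[pos + 2:pos + attr_len])
        pos += attr_len
    return values

def group_policy(packet: bytes, known: Set[str]) -> Optional[str]:
    """Return the group policy named as OU=group_name, or None."""
    for raw in class_values(packet):
        text = raw.decode("ascii", errors="replace")
        if text.startswith("OU="):
            name = text[3:]
            if name in known:
                return name
    return None

def sample_accept(*class_vals: bytes) -> bytes:
    """Constructed Access-Accept: id 1, all-zero authenticator."""
    attrs = b"".join(encode_attr(CLASS, v) for v in class_vals)
    header = struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs))
    return header + bytes(16) + attrs

if __name__ == "__main__":
    policies = {"Engineering"}  # hypothetical group policy name
    print(group_policy(sample_accept(b"OU=Engineering"), policies))
    print(group_policy(sample_accept(b"OU=Enginering"), policies))
```

A `None` result means the Access-Accept carried no Class value in the OU=group_name format that matches a name in the expected set.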
