Configuring Webvpn For Specific Users - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 30
Configuring Tunnel Groups, Group Policies, and Users
hostname(config-username)# group-lock {value tunnel-grp-name | none}
hostname(config-username)# no group-lock
hostname(config-username)
The following example shows how to set group lock for the user named anyuser:
hostname(config)# username anyuser attributes
hostname(config-username)# group-lock value tunnel-group-name
hostname(config-username)
Enabling Password Storage for Software Client Users
Specify whether to let users store their login passwords on the client system. Password storage is
disabled by default. Enable password storage only on systems that you know to be in secure sites. To
disable password storage, enter the password-storage command with the disable keyword. To remove
the password-storage attribute from the running configuration, enter the no form of this command. This
enables inheritance of a value for password-storage from the group policy.
hostname(config-username)# password-storage {enable | disable}
hostname(config-username)# no password-storage
hostname(config-username)
This command has no bearing on interactive hardware client authentication or individual user
authentication for hardware clients.
The following example shows how to enable password storage for the user named anyuser:
hostname(config)# username anyuser attributes
hostname(config-username)# password-storage enable
hostname(config-username)
Configuring WebVPN for Specific Users
The following sections describe how to customize a WebVPN configuration for specific users. Enter
username webvpn configuration mode by using the webvpn command in username configuration mode.
WebVPN lets users establish a secure, remote-access VPN tunnel to the security appliance using a web
browser. There is no need for either a software or hardware client. WebVPN provides easy access to a
broad range of web resources and web-enabled applications from almost any computer that can reach
HTTPS Internet sites. WebVPN uses SSL and its successor, TLS1, to provide a secure connection
between remote users and specific, supported internal resources that you configure at a central site. The
security appliance recognizes connections that need to be proxied, and the HTTP server interacts with
the authentication subsystem to authenticate users.
The username webvpn configuration mode commands define access to files, MAPI proxy, URLs and
TCP applications over WebVPN. They also identify ACLs and types of traffic to filter. WebVPN is
disabled by default. These webvpn commands apply only to the username from which you configure
them. Notice that the prompt changes, indicating that you are now in username webvpn configuration
mode.
hostname(config-username)# webvpn
hostname(config-username-webvpn)#
To remove all commands entered in username webvpn configuration mode, use the no form of this
command:
hostname(config-username)# no webvpn
hostname(config-username)#
OL-10088-01
Cisco Security Appliance Command Line Configuration Guide
Configuring User Attributes
30-75
Advertisement
Table of Contents
Troubleshooting
