Customizing Login Windows For Webvpn Users - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 30
Configuring Tunnel Groups, Group Policies, and Users
hostname(config-tunnel-webvpn)#
Name is the name of a group policy created for a WebVPN tunnel group.
This policy is an alternative group policy to differentiate access rights for the following CSD clients:
•
•
The following example specifies an alternative group policy named group2:
hostname(config-tunnel-webvpn)# hic-fail-group-policy group2
hostname(config-tunnel-webvpn)#
Note
For more information, see the Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series
Administration Guide.
Customizing Login Windows for WebVPN Users
You can set up different login windows for different groups by using a combination of customization
profiles and tunnel groups. For example, assuming that you had created a customization profile called
salesgui, you can create a WebVPN tunnel group called sales that uses that customization profile, as the
following example shows:
In webvpn mode, define a WebVPN customization, in this case named salesgui and change the default
Step 1
logo to mycompanylogo.gif. You must have previously loaded mycompanylogo.gif onto the flash
memory of the security appliance and saved the configuration. See the WebVPN chapter for details.
hostname# webvpn
hostname (config-webvpn)# customization value salesgui
hostname(config-webvpn-custom)# logo file disk0:\mycompanylogo.gif
hostname(config-webvpn-custom)#
In global configuration mode, set up a username and associate with it the WebVPN customization you've
Step 2
just defined:
hostname# username seller attributes
hostname(config-username)# webvpn
hostname(config-username-webvpn)# customization value salesgui
hostname(config-username-webvpn)# exit
hostname(config-username)# exit
hostname#
Step 3
In global configuration mode, create a WebVPN tunnel-group named sales:
hostname# tunnel-group sales type webvpn
hostname(config-tunnel-webvpn)#
Specify that you want to use the salesgui customization for this tunnel group:
Step 4
hostname# tunnel-group sales webvpn-attributes
OL-10088-01
Clients that match a CSD location entry set to "Use Failure Group-Policy."
Clients that match a CSD location entry set to "Use Success Group-Policy, if criteria match," and
then fail to match the configured Group-Based Policy criteria. For more information, see the Cisco
Secure Desktop Configuration Guide for Cisco ASA 5500 Series Administrators.
The security appliance does not use this attribute if you set the VPN feature policy to "Always
use Success Group-Policy."
Cisco Security Appliance Command Line Configuration Guide
Configuring Tunnel Groups
30-23
Advertisement
Table of Contents
Troubleshooting
