Overview
The SSL VPN configuration will use two Cisco ASA 8X appliances to terminate SSL sessions and provide VPN load balancing. SSL Group Policies and Access Control Lists will be maintained on the ASA appliances. The Cisco Secure ACS 5.2 server will provide RADIUS authentication for SSL VPN users and assign an SSL Group Policy based on the ACS user's Identity Group. All user accounts will be maintained on ACS.
[Figure: network diagram. Labels: Public (https://web.acme.com, https://12.34.56.78), Private, Internet, VPN LB IP, ASA1, ASA2, 3845 AC, Corp LAN. Addresses shown: 12.34.56.79, 12.34.56.80, 12.34.56.81, 172.20.140.12, 172.20.140.13, 172.20.140.251.]
ACS Users
Create your new user accounts and assign them to the desired Identity Group. The Enable Password is not needed unless the user will perform Cisco device administration.
Select User and Identity Stores > Users.
Select the new policy and select the RADIUS Attributes tab. Click the Select button next to the RADIUS Attribute field.
Within each profile we use the RADIUS attribute Class (ID 25) to match the SSL Group Policy previously configured on the ASA. Select the radio button for the Class attribute and click OK.
Set the attribute value to OU=VPN Group Policy Name. In this example, we use OU=SSL-POLICY3. Click Add and Submit.
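An added example (not part of the original document): a Python check that parses a captured RADIUS Access-Accept, extracts the Class (25) value and confirms that the `OU=` name is one of the group policies defined on the ASA. The packet bytes, the `KNOWN_POLICIES` inventory and all function names are constructed for illustration; only `SSL-POLICY3` comes from the text above.

```python
import struct

ACCESS_ACCEPT = 2   # RADIUS packet code (RFC 2865)
ATTR_CLASS = 25     # Class attribute, the one set in the ACS profile above
# Constructed inventory of ASA group-policy names; only SSL-POLICY3 is from the page.
KNOWN_POLICIES = {"SSL-POLICY1", "SSL-POLICY2", "SSL-POLICY3"}

def radius_attributes(packet: bytes):
    """Return [(type, value), ...] from a RADIUS packet, validating lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not fit the captured bytes")
    attrs, pos = [], 20          # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return attrs

def group_policy_from_accept(packet: bytes, known=KNOWN_POLICIES) -> str:
    """Return the policy named as OU=<name> in Class (25), or raise LookupError."""
    attrs = radius_attributes(packet)
    if packet[0] != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    names = []
    for a_type, value in attrs:
        text = value.decode("ascii", "replace").rstrip(";")  # tolerate "OU=name;"
        if a_type == ATTR_CLASS and text.startswith("OU="):
            names.append(text[3:])
    if len(names) != 1:
        raise LookupError(f"expected one OU= Class value, found {len(names)}")
    if names[0] not in known:    # exact, case-sensitive comparison (assumption)
        raise LookupError(f"{names[0]!r} is not a group policy on the ASA")
    return names[0]

def build_accept(class_values) -> bytes:
    """Build a constructed Access-Accept (zeroed authenticator) for the demo."""
    attrs = b"".join(bytes([ATTR_CLASS, len(v) + 2]) + v for v in class_values)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    print(group_policy_from_accept(build_accept([b"OU=SSL-POLICY3"])))
```

Run it against the Access-Accept bytes from a packet capture taken between ACS and the ASA to catch a mistyped policy name before users depend on it.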