Connection Profiles
An SSL connection means a TCP connection on port 443.
A connection profile (i.e. tunnel group) controls the pre-logon policy.
How does the ASA authenticate a user?
1. The user sends packets to initiate the VPN.
2. The ASA checks for a URL, alias or certificate linked to a custom connection profile.
If present -> use the custom connection profile.
If not -> use the default connection profiles. If SSL, use DefaultWEBVPNGroup. If IPsec, use DefaultRAGroup.
We can modify DefaultWEBVPNGroup and DefaultRAGroup, but we can't delete them.
3. Based on the connection profile select:
Authentication method (LOCAL, AAA, cert)
IP address assignment method (not for Clientless)
DNS server to use
Post-logon policies: applied once the user is authenticated
Permissions, authorizations, restrictions, etc.
Which policies are applied to the VPN?
Top-down match:
DAP rules
User Profile Rules
User Profile Group Rules
Connection Profile Group rules
DfltGrpPolicy group rules
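The top-down match above, worked through as an added example (not from the original post and not Cisco code). It is a simplified model that assumes each attribute is taken from the highest source in the list that sets it; the attribute names and values are constructed for illustration.

```python
# Simplified model of the "top down match" order listed above (added example).
# Attribute names and values are constructed, not taken from a real ASA.

PRECEDENCE = [
    "DAP",
    "User profile",
    "User profile group policy",
    "Connection profile group policy",
    "DfltGrpPolicy",
]


def resolve_policy(sources):
    """Return {attribute: (value, winning_source)}.

    sources maps a source name from PRECEDENCE to the attributes that source
    explicitly sets. A missing source or attribute means "inherit from the
    next source down the list".
    """
    unknown = set(sources) - set(PRECEDENCE)
    if unknown:
        raise ValueError(f"unknown policy source(s): {sorted(unknown)}")

    effective = {}
    for name in PRECEDENCE:  # highest priority first
        for attr, value in sources.get(name, {}).items():
            effective.setdefault(attr, (value, name))  # first match wins
    return effective


def inherited_from_default(effective):
    """Attributes nothing overrode, so they come from DfltGrpPolicy (worth auditing)."""
    return sorted(a for a, (_, src) in effective.items() if src == "DfltGrpPolicy")


# Constructed sample session.
SAMPLE = {
    "DAP": {"acl": "QUARANTINE-ACL"},
    "User profile": {"idle_timeout_min": 10},
    "Connection profile group policy": {"acl": "EMPLOYEE-ACL", "split_tunnel": "tunnelspecified"},
    "DfltGrpPolicy": {"idle_timeout_min": 30, "split_tunnel": "tunnelall", "simultaneous_logins": 3},
}

if __name__ == "__main__":
    result = resolve_policy(SAMPLE)
    for attr, (value, source) in sorted(result.items()):
        print(f"{attr:20} {value!s:16} <- {source}")
    print("inherited from default:", inherited_from_default(result))
```

Attributes that fall through to DfltGrpPolicy are the ones to review first, because a permissive default there applies to every session that no higher source overrides.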