I desperately need some advice with my WEBVPN authentication design.
How would I restrict specific users to only connect to certain connection profile Aliases?
For instance, let's say I have GROUP A, GROUP B, and GROUP C as aliases, available on the drop-down menu of the SSL login screen. In AD, I have 3 security groups named the same. How do I ensure that only members of the GROUP A security group can authenticate to the GROUP A connection profile, and not the others? Ideally, I would like to accomplish this with RADIUS authentication, but I couldn't find an attribute that was passed along that I can prequalify against. Any and all suggestions are appreciated. Thanks.
You can use LDAP mapping to authenticate your users against AD with LDAP, retrieve the memberOf value, and map it to the IETF-Class value that the ASA understands. This is to enable group lock, which will only allow users belonging to a specific tunnel group/group policy to connect to that tunnel group/group policy.
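
The approach in the reply above, sketched as ASA configuration for one of the three groups. This is an added example, not part of the original thread; the object names, DNs, server address and interface are hypothetical placeholders. On the ASA the mapped attribute is named `IETF-Radius-Class`, and the default no-access policy is an assumption added so that users outside every mapped AD group are rejected.

```cisco
! Added example; all names, DNs and addresses below are hypothetical.
! Map the AD memberOf DN to an ASA group policy name.
ldap attribute-map AD-GROUP-MAP
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=GROUP A,OU=VPN,DC=example,DC=com" GP-GROUP-A
!
! LDAP server definition that applies the map at authentication time.
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=com
 ldap-login-password <bind-password>
 server-type microsoft
 ldap-attribute-map AD-GROUP-MAP
!
! Policy assigned to members of GROUP A. group-lock refuses the session
! if the user picked any connection profile other than TG-GROUP-A.
group-policy GP-GROUP-A internal
group-policy GP-GROUP-A attributes
 group-lock value TG-GROUP-A
!
! Assumption: default policy for users with no mapped group. Zero
! simultaneous logins means the login is denied.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Connection profile shown as "GROUP A" in the login drop-down.
tunnel-group TG-GROUP-A type remote-access
tunnel-group TG-GROUP-A general-attributes
 authentication-server-group AD-LDAP
 default-group-policy NOACCESS
tunnel-group TG-GROUP-A webvpn-attributes
 group-alias "GROUP A" enable
```

Repeat the `map-value`, group policy and tunnel group for GROUP B and GROUP C; `debug ldap 255` on the ASA shows the memberOf values returned and which mapping was applied during a test login.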