Unanswered Question
Sep 14th, 2009
User Badges:

I'm in the process of doing an SSL VPN configuration for a customer who wants to integrate the SSL VPN authentication with Active Directory. They want to be able to give each group in AD specific access rights. Essentially do access-lists per a group-policy straight from the firewall to LDAP. The customer doesn't have ACS so I can't use downloadable acl's. I'm familiar with user authentication to LDAP or RADIUS on the firewall, what I haven't done before is map LDAP group to a group policy on the firewall without using ACS.

Has anyone ever done this or know if it can be done with IAS?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Todd Pula Mon, 09/14/2009 - 09:09
User Badges:
  • Silver, 250 points or more

You mention firewall so I am assuming you are deploying an ASA. There are a few different ways you can assign LDAP users to a group policy. You can then configure a tunnel group lock and network filter on the respective group policy. Another more flexible solution is to use DAP.

estadlercisco Mon, 09/14/2009 - 10:16
User Badges:

beautiful... i was on the right track then. Thanks for your help. I have some of this configured already. I've read the first 2 guides in the past several times, but have never seen the DAP guide.

Thank You


This Discussion