Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
352
Views
0
Helpful
2
Replies

SSL VPN

estadlercisco
Level 1
Level 1

‎09-14-2009 05:57 AM

I'm in the process of doing an SSL VPN configuration for a customer who wants to integrate the SSL VPN authentication with Active Directory. They want to be able to give each group in AD specific access rights. Essentially do access-lists per a group-policy straight from the firewall to LDAP. The customer doesn't have ACS so I can't use downloadable acl's. I'm familiar with user authentication to LDAP or RADIUS on the firewall, what I haven't done before is map LDAP group to a group policy on the firewall without using ACS.

Has anyone ever done this or know if it can be done with IAS?

Labels:
0 Helpful
2 Replies 2

Todd Pula
Level 7
Level 7

‎09-14-2009 09:09 AM

You mention firewall so I am assuming you are deploying an ASA. There are a few different ways you can assign LDAP users to a group policy. You can then configure a tunnel group lock and network filter on the respective group policy. Another more flexible solution is to use DAP.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808d1a7c.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008089149d.shtml

http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml

0 Helpful

estadlercisco
Level 1
Level 1
In response to Todd Pula

‎09-14-2009 10:16 AM

beautiful... i was on the right track then. Thanks for your help. I have some of this configured already. I've read the first 2 guides in the past several times, but have never seen the DAP guide.

Thank You

0 Helpful
Customers Also Viewed These Support Documents