VPN client users and RADIUS help

Unanswered Question
Jan 28th, 2010


We have a number of users that use the Cisco VPN client to connect to our ASA firewall and onto our network.  We use Active Directory and I want to only allow users onto our network if they are in a particular AD group, is this possible?


Nelson Rodrigues Mon, 02/01/2010 - 11:10
User Badges:
  • Cisco Employee,

If you are using ASA 8.x, then I recommend implementing DAP (Dynamic Access Policies), which allows you to control the session establishment (after successful AAA processing) using AAA controls from AD.

DAP#1 - allows clients to connect only if memberOf= Engineering, Employees

DAP#2 - allows clients to connect only if memberOf= Consultants

The resulting VPN policy = DAP access/authorization attributes + any RADIUS/LDAP VSA + ASA Group Policy.

See details at DAP Deployment Guide https://supportforums.cisco.com/docs/DOC-1369 .
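
The group check described in the answer above, as an added example (a simplified Python model written for this page, not ASA code or Cisco's implementation): a session continues only if one of the user's AD `memberOf` groups satisfies a DAP record, otherwise it is terminated. It assumes the default DAP is set to terminate, that DAP#1 accepts either listed group, and that matching is on the group's CN; the `example.com` DNs in the test are constructed.

```python
import re

# Constructed model of the two DAP records from the answer:
# record name -> AD group CNs (lower-cased) that satisfy it.
DAP_RECORDS = {
    "DAP#1": {"engineering", "employees"},
    "DAP#2": {"consultants"},
}


def group_cn(member_of_dn):
    """Return the lower-cased CN of a memberOf DN, or None if the first RDN is not a CN.

    Splits on the first comma that is not backslash-escaped, so a group named
    'Consultants, External' is not mistaken for 'Consultants'.
    """
    first_rdn = re.split(r"(?<!\\),", member_of_dn.strip(), maxsplit=1)[0]
    attr, sep, value = first_rdn.partition("=")
    if not sep or attr.strip().lower() != "cn":
        return None
    # Remove DN escaping (e.g. '\,' -> ',') before comparing names.
    return re.sub(r"\\(.)", r"\1", value).strip().lower()


def evaluate(member_of_values):
    """Return (action, matched_records); no matching record means 'terminate'."""
    groups = {cn for cn in map(group_cn, member_of_values) if cn}
    matched = sorted(name for name, wanted in DAP_RECORDS.items() if groups & wanted)
    return ("continue" if matched else "terminate", matched)


if __name__ == "__main__":
    # Constructed sample user: member of Domain Users only, so access is denied.
    print(evaluate(["CN=Domain Users,CN=Users,DC=example,DC=com"]))
```

Comparing the whole CN rather than searching for a substring in the DN is what keeps an OU or a longer group name that merely contains "Engineering" or "Consultants" from satisfying a record.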



