VPN client users and RADIUS help

Andy White
Level 3

Hello,

We have a number of users that use the Cisco VPN client to connect to our ASA firewall and onto our network. We use Active Directory, and I want to allow users onto our network only if they are in a particular AD group. Is this possible?

Thanks

1 Reply

Nelson Rodrigues
Cisco Employee

If you are using ASA 8.x, then I recommend implementing DAP (Dynamic Access Policies), which allows you to control the session establishment (after successful AAA processing) using AAA controls from AD.

DAP#1 - allows clients to connect only if memberOf = Engineering, Employees

DAP#2 - allows clients to connect only if memberOf = Consultants

The resulting VPN policy = DAP access/authorization attributes + any RADIUS/LDAP VSA + ASA Group Policy.

See the DAP Deployment Guide (https://supportforums.cisco.com/docs/DOC-1369) for details.

Regards,

Nelson
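
The group check described in the reply above, sketched as an added example that is not part of the original thread and is not ASA code: a simplified Python model of choosing a DAP record from the `memberOf` values AD returns. The record names, the example.com DNs, the "any listed group" matching rule, the comparison on the first CN only, and the terminating default record are all assumptions made for this sketch.

```python
# Added illustration: a simplified model of DAP record selection, not ASA code.
import re

# Constructed records mirroring DAP#1 and DAP#2 from the reply.
# Assumption: a record matches when the user is in ANY of its listed groups.
RECORDS = {
    "DAP1": {"engineering", "employees"},
    "DAP2": {"consultants"},
}

_FIRST_CN = re.compile(r"\s*CN=((?:\\.|[^,\\])+)", re.IGNORECASE)


def group_names(member_of_values):
    """Return the lower-cased first CN of each memberOf DN.

    Only the leading CN is the group's own name; later RDNs (OU=, DC=) are
    its location in the directory. Escaped commas (\\,) stay in the name.
    """
    names = set()
    for dn in member_of_values:
        match = _FIRST_CN.match(dn)
        if match:
            names.add(re.sub(r"\\(.)", r"\1", match.group(1)).strip().lower())
    return names


def evaluate(member_of_values):
    """Return (action, matching record names) for an authenticated user.

    Assumption: the default record is set to terminate, so a user who
    matches no record is refused even though authentication succeeded.
    """
    groups = group_names(member_of_values)
    matched = sorted(name for name, wanted in RECORDS.items() if wanted & groups)
    return ("continue", matched) if matched else ("terminate", ["Default"])


if __name__ == "__main__":
    # Constructed memberOf values for three hypothetical users.
    base = "OU=Groups,DC=example,DC=com"
    for user, dns in {
        "alice": [f"CN=Engineering,{base}"],
        "bob": [f"CN=Consultants,{base}", "CN=Domain Users,CN=Users,DC=example,DC=com"],
        "carol": ["CN=Printers,OU=Engineering,DC=example,DC=com"],
    }.items():
        print(user, evaluate(dns))
```

The third user shows why the comparison is made on the group's own CN and not on a substring of the DN: a group that merely sits in an OU named Engineering does not grant access.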
