Anyone used Dynamic Access Policies for VPN Client Access?

Jan 28th, 2010
Hello,


I would like to use the DAP feature on the ASA firewalls and authenticate users against a Microsoft Active Directory group. Has anyone done this before? Basically I want:


If a user is in an AD group and has a particular profile then you can get on, possible?


At the moment we just use RADIUS and one AD group for all. I want it more secure, with different AD groups for different purposes.

Ivan Martinon (Cisco Employee), Wed, 02/03/2010 - 13:41

Yes, it is possible. You need to play with the memberOf attributes and the application function of DAP to match this to IPsec or AnyConnect or any, and to choose whether the user who belongs to X group is allowed to do this. See the following link for reference:


http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml


hth

Ivan
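
The selection logic described in the reply above, as an added example that is not part of the original thread and is not ASA code: a simplified Python model that matches a user's memberOf values and the connecting application type against DAP-style records. The record and group names are constructed; comparing on the leading CN of each memberOf DN and setting DfltAccessPolicy to terminate are assumptions of this model.

```python
import re

# Constructed sample records; group names and record names are hypothetical.
# client=None stands for the "any" application type.
RECORDS = [
    {"name": "DAP-Admins", "member_of": "VPN-Admins", "client": "AnyConnect", "action": "continue"},
    {"name": "DAP-Vendors", "member_of": "VPN-Vendors", "client": "IPsec", "action": "continue"},
    {"name": "DAP-Leavers", "member_of": "VPN-Disabled", "client": None, "action": "terminate"},
]
# Assumption: the default record has been set to terminate (default deny).
DEFAULT = {"name": "DfltAccessPolicy", "action": "terminate"}


def group_cns(member_of_values):
    """Reduce each memberOf DN to its leading CN, lower-cased and unescaped."""
    cns = set()
    for dn in member_of_values:
        m = re.match(r"\s*CN=((?:\\.|[^,\\])+)", dn, re.IGNORECASE)
        if m:
            cns.add(re.sub(r"\\(.)", r"\1", m.group(1)).strip().lower())
    return cns


def select_records(member_of_values, client_type):
    """Return every record whose group and client type both match."""
    groups = group_cns(member_of_values)
    matched = [r for r in RECORDS
               if r["member_of"].lower() in groups
               and (r["client"] is None or r["client"].lower() == client_type.lower())]
    return matched or [DEFAULT]


def decide(member_of_values, client_type):
    """Any matching terminate record wins; otherwise the session continues."""
    records = select_records(member_of_values, client_type)
    action = "terminate" if any(r["action"] == "terminate" for r in records) else "continue"
    return action, [r["name"] for r in records]


if __name__ == "__main__":
    admin = ["CN=VPN-Admins,OU=Groups,DC=example,DC=com"]  # constructed DN
    print(decide(admin, "AnyConnect"))
    print(decide(admin, "IPsec"))
    # Group name appears only as an OU, so a substring match would be wrong.
    lookalike = ["CN=Staff,OU=VPN-Admins,DC=example,DC=com"]
    print(decide(lookalike, "AnyConnect"))
```

The lookalike case shows why the group name is compared against the parsed CN and not searched for anywhere in the DN string.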
