Here is an overview of what I am looking to implement:
I have 3 different groups of users: "admins", "staff" and "partners".
These groups of users should each have a different level of access to internal network resources.
That is, admins have access to all networks; staff have access to the NAS, terminal servers, printers and office computers; and partners have access to the internal web server.
This is the hardware and software I have to work with:
ASA 5510 running ASA 8.3(1)
Win2K8R2 AD DC
I can easily configure a policy on the NPS RADIUS server to authenticate users belonging to a particular AD group and then configure the ASA to use that in the connection profile. The problem is that this appears to work for one AD group only. Is there a way to configure this such that we can have a connection profile which requires a specific AD group membership and then assign group policy accordingly?
Any suggestions would be greatly appreciated.