
Anyone used Dynamic Access Policies for VPN Client Access?

Andy White
Level 3

Hello,

I would like to use the DAP feature on the ASA firewalls and authenticate users against a Microsoft Active Directory group. Has anyone done this before? Basically I want:

If a user is in an AD group and has a particular profile then you can get on, possible?

At the moment we just use RADIUS and one AD group for all. I want it more secure, with different AD groups for different purposes.

1 Reply

Ivan Martinon
Level 7

Yes, it is possible. You need to play with the memberOf attributes and the application function of DAP to match this to IPsec or AnyConnect or any, and to choose whether the user who belongs to X group is allowed to this. See the following link for reference:

http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml

hth

Ivan
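
An added illustration, not part of the reply above and not ASA code or configuration: a small Python model of the decision described in the thread, matching a user's memberOf groups and connection type against per-group records and denying by default. The record names, group names, sample DNs and the rule that any matched "terminate" record ends the session are assumptions made for the example.

```python
# Illustrative model of DAP-style record selection; not ASA code or configuration.
from dataclasses import dataclass

def group_cns(member_of):
    """Reduce LDAP memberOf DNs to lowercase CN values (group names)."""
    cns = set()
    for dn in member_of:
        first_rdn = dn.split(",", 1)[0].strip()   # assumes no escaped commas in the CN
        key, _, value = first_rdn.partition("=")
        if key.strip().lower() == "cn" and value:
            cns.add(value.strip().lower())
    return cns

@dataclass
class Record:
    name: str
    group: str          # AD group the user must belong to
    client_types: set   # connection types this record covers; empty set = any
    action: str         # "continue" or "terminate"

def evaluate(records, member_of, client_type, default_action="terminate"):
    """Return (action, matched record names) for one VPN session."""
    groups = group_cns(member_of)
    matched = [r for r in records
               if r.group.lower() in groups
               and (not r.client_types or client_type in r.client_types)]
    if not matched:
        # No record selected: fall back to the default policy (deny here).
        return default_action, []
    # Assumed aggregation: any matched "terminate" record ends the session.
    action = "terminate" if any(r.action == "terminate" for r in matched) else "continue"
    return action, [r.name for r in matched]

# Constructed sample policy and directory data.
RECORDS = [
    Record("staff-anyconnect", "VPN-Staff", {"AnyConnect"}, "continue"),
    Record("admins-any", "VPN-Admins", set(), "continue"),
    Record("block-listed", "VPN-Blocked", set(), "terminate"),
]
ALICE = ["CN=VPN-Staff,OU=Groups,DC=example,DC=com"]
BOB = ["CN=VPN-Admins,OU=Groups,DC=example,DC=com",
       "CN=VPN-Blocked,OU=Groups,DC=example,DC=com"]

if __name__ == "__main__":
    for who, groups, ctype in [("alice", ALICE, "AnyConnect"),
                               ("alice", ALICE, "IPsec"),
                               ("bob", BOB, "AnyConnect")]:
        print(who, ctype, evaluate(RECORDS, groups, ctype))
```

The second case shows why the default action matters: a user in the right group but on a connection type no record covers is only kept out if the fallback is set to deny.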