Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Anyone used Dynamic Access Policies for VPN Client Access?

Hello,

I would like to use the DAP feature on the ASA firewalls and authenticate users against a Microsoft Active Directory group, has anyone don this before.  basically I want:

If a user is in an AD group and has a particular profile then you can get on, possible?

At the moment we just use Radius and one AD group for all, I want it more secure and different AD groups for different purposes.

1 REPLY

Re: Anyone used Dynamic Access Policies for VPN Client Access?

Yes it is possible, you need to play with the memberOf attributes and the application function of DAP to match this to IPSEC or Anyconnect or any and to choose whether the user which belongs to X group is allowed to this, see the following link for reference:

http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml

hth

Ivan

310
Views
0
Helpful
1
Replies