ASA: Active Directory Group Membership should determine if OTP is used or not
Sorry, the subject sounds strange, but it's hard to tell in a few words.
Our customer connects with AnyConnect VPN and needs a special login behavior.
If our customer has users "xxx" and "yyy" in the Active Directory group "OTP/LDAP Access", the ASA should ask the users "xxx" and "yyy" for LDAP credentials and OTP password.
If our customer has user "zzz" in the Active Directory group "LDAP Access", the ASA should ask the user "zzz" just for LDAP credentials.
My idea was to do two tunnel-groups: one asks for LDAP and OTP, the other asks just for LDAP. But in that case the user gets a drop-down menu where he has to choose the tunnel-group. But our customer doesn't want that drop-down menu. The ASA should determine if he needs LDAP credentials and OTP or just LDAP to connect.