I was able to set access through different tunnel groups on the ASA. This will require different configs in the Cisco VPN client.
Is there a way to have a single tunnel group and then somehow set ACLs that are tied to different groups in Active Directory? That way all Cisco VPN clients are configured the same way, but the AD group would define access control.
In the above example, if user john is a member of the Windows group "VPNGroupA", he will be mapped to group-policy GroupA on the ASA.
Then you create the GroupA policy similar to this:
group-policy GroupA internal
group-policy GroupA attributes
 dns-server value 192.168.0.11 192.168.0.6
 default-domain value your_domain.com
 address-pools value Pool_Groupa
Please rate if this helps. It's hard to find good how-to for this so I'm glad to give you the detailed steps.
NB: Use "Debug ldap 255" to see how your LDAP query and mapping go and to look for errors.
Also, make sure you have no spaces in your OU name under AD, because the ASA will not accept your map-value command (I had to figure it out after 2 hours of troubleshooting because I used "VPN Access" originally).
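The attribute map that the reply calls "the above example" is not shown on this page. The following is an added configuration example, not taken from the original post, of one tunnel group whose LDAP attribute map selects group-policy GroupA by AD group, with a per-group vpn-filter ACL and a deny-by-default policy for users in no mapped group. The names LDAP_AD, AD_MAP, NOACCESS, VPN_USERS and GroupA_filter, the DNs, the server address, the bind account and the subnets are assumed placeholders.

```text
! Constructed example: names, DNs, addresses and subnets are placeholders.
!
! Map the AD memberOf attribute to an ASA group-policy name.
! ASA 8.2 and later also accept "Group-Policy" in place of IETF-Radius-Class.
! The OU name contains no spaces, per the note in the reply.
ldap attribute-map AD_MAP
 map-name memberOf IETF-Radius-Class
 map-value memberOf CN=VPNGroupA,OU=VPNAccess,DC=your_domain,DC=com GroupA
!
! LDAP server definition that applies the map to every lookup.
aaa-server LDAP_AD protocol ldap
aaa-server LDAP_AD (inside) host 192.0.2.10
 ldap-base-dn DC=your_domain,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=ServiceAccounts,DC=your_domain,DC=com
 ldap-login-password <bind-password>
 server-type microsoft
 ldap-attribute-map AD_MAP
!
! Deny by default: users whose memberOf matches no map-value keep this
! policy and cannot establish a session.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Per-group access control. In a vpn-filter ACL the source is the client
! pool (assumed 10.10.10.0/24 for Pool_Groupa) and the destination is the
! internal subnet this group may reach (assumed 192.168.10.0/24).
access-list GroupA_filter extended permit ip 10.10.10.0 255.255.255.0 192.168.10.0 255.255.255.0
group-policy GroupA attributes
 vpn-filter value GroupA_filter
!
! The single tunnel group every VPN client connects to (assumed to exist).
tunnel-group VPN_USERS general-attributes
 authentication-server-group LDAP_AD
 default-group-policy NOACCESS
```

A second AD group needs only another map-value line plus its own group-policy and filter ACL; the client profile stays the same.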
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: